next »

[trendchiller]

Hi !

the squid-reverse package is a replacement for the "normal" squi package since pfSense 2.0 and combines reverse functionality with the normal squid caching proxy.

you can use the squid-reverse package to replace the squid package when you're using squid in pfSense 2.0. the configuration should be kept.

squid-reverse is not available in pfSense 1.x.

i'll bump the squid version in squid-reverse to squid 3.x when squid 3.x is running stable...

[Sam0r]

Could you post a sample configuration?

I've been trying on and off to get this working for months, and still can't.

Everything looks right, but it just won't forward anything!

[trendchiller]

Hi !
You are trying to use the reverse part and it does not work ?
First:
Did you add Firewall-Rules from ANY to WAN-Address for 80 / 443 ?

The three config fields are as follows:

HOST_SSL;192.168.1.1;443;HTTPS
HOST;192.168.1.1;80;HTTP

WEBAPP_SSL;faq;https://gw.domainname.com
WEBAPP;faq;http://gw.domainname.com

HOST_SSL;WEBAPP_SSL
HOST;WEBAPP

here it works great !

[gtr33m]

Are there instructions anywhere, or do I simply follow something like this? http://wiki.squid-cache.org/SquidFaq/ReverseProxy

Thanks,

Mark

[trendchiller]

Hi !
the packages should be self-explanatory, under each input field there are explanations...

for further held, please ask ;-)

[Sam0r]

I've configured it like you suggested, and all I get when I try to browse to a page on it is:

While trying to retrieve the URL: http://wi.atlantis.me.uk/

The following error was encountered:

Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

[trendchiller]

is your subnet allowed under access control ?
or any destimation blocked ?

[Sam0r]

Ive left everything on default except the reverse proxy section, should i change anything on the other tabs?

Also, on your URI Definitions, what does the faq part mean?

[trendchiller]

you should check the access tab if your subnet is allowed and if there are any sites blocked...

the faq reflects the uri- after the fqdn http://server.domain.tld: for http://server.domain.tld/faq

FAQ_HTTP;faq;http://server.domain.tld will be http://server.domain.tld/faq

[Sam0r]

Sorted it.

I was trying to publish the root of the site.

Turns out you have to put a * in there for that.

So, my config looks like this:

Peer Definitions:
prometheushttp;192.1.22.6;80;HTTP

URI Definitions:
atlantisweb;*;http://www.atlantis.me.uk
atlantisweb;*;http://atlantis.me.uk
atlantiswi;*;http://wi.atlantis.me.uk

ACL Definitions:
prometheushttp;atlantisweb
prometheushttp;atlantiswi

I added my subnet into the top box in access control.

Then I enabled logging in the general settings, SSH'd to the box and entered the shell.

I ran tail -F /var/squid/logs/access.log so i could see all the incoming HTTP requests.

Now to get OWA, Outlook anywhere and active sync working over HTTPS.

Any ideas if this can do other HTTPS streaming things? I have a citrix secure gateway server that uses HTTPS to connect on port 443. It's not a web page though. I guess it's similar to activesync. At the moment it's running on 4430 but i'd like to run that through squid too.

[marcelloc]

I have a citrix secure gateway server that uses HTTPS to connect on port 443. It's not a web page though. I guess it's similar to activesync.

If its not http, you may need to use haproxy or native pfSense load balancer to balance tcp connections.

[Sam0r]

Actually I've just realised a day after getting it working that it doesn't support Exchange 2010 Web Services, this makes the package totally useless for me.

I just want a reverse proxy, like in forefront TMG/ISA Server!

[marcelloc]

Actually I've just realised a day after getting it working that it doesn't support Exchange 2010 Web Services, this makes the package totally useless for me.

I just want a reverse proxy, like in forefront TMG/ISA Server!

I have it working with varnish, haproxy and apache.

To get balance with https without having certificate issues, you may need a wildcard certificate.

Varnish does all http balance/cache
Haproxy does the https balance
Apache has the certificates and mod_security

[Sam0r]

I think I'll just go back to using Forefront TMG.

As good as pfsense  is, it does't work for me. I need something up and running, and with documentation, not something put together by people in their spare time with next to no documentation.

No offence to the community, it's a great work in progress, but its not for me.

thanks for your time.

[jimp]

I think I'll just go back to using Forefront TMG.

As good as pfsense  is, it does't work for me. I need something up and running, and with documentation, not something put together by people in their spare time with next to no documentation.

No offence to the community, it's a great work in progress, but its not for me.

thanks for your time.

There are so many things wrong with that statement I don't know where to begin. But you are right, there is no one perfect solution for everyone, use whatever works best for you.