[squid-users] Frontpage via Reverse Proxy

From: Mike Withers <M.withers@dont-contact.us>
Date: Mon, 01 May 2006 19:39:35 +1000

Hi everyone

I have a problem with Windows client machines connecting to a Dot Net
enabled server via a Squid redirector. When I connect directly to the
Windows (2000) server I can upload a dotnet web project using the FrontPage
extensions but via the redirector it will not make the connection.

I have three machines which for the purposes of anonymity I have given the
following IP addresses:

client: aaa.bbb.ee.ff
proxy: "concrete.no.org" at aaa.bbb.cc.dd
server: "server" at 192.168.1.149

The headers sent are as follows:

****** CLIENT **********

GET /wg/test2/Apr27B/get_aspx_ver.aspx HTTP/1.1
Accept: */*
User-Agent: Microsoft-Visual-Studio.NET/7.10.3077
Host: AAA.BBB.CCC.DD
Connection: Keep-Alive
Cache-Control: no-cache

HTTP/1.0 401 Unauthorized
Server: Microsoft-IIS/5.0
Date: Thu, 27 Apr 2006 05:27:02 GMT
WWW-Authenticate: Basic realm="aaa.bbb.cc.dd"
Content-Length: 4431
Content-Type: text/html
X-Cache: MISS from concrete
Connection: keep-alive

**** PROXY ( concrete) ********

GET /wg/test2/Apr27B/get_aspx_ver.aspx HTTP/1.1
Accept: */*
User-Agent: Microsoft-Visual-Studio.NET/7.10.3077
Host: aaa.bbb.cc.dd
Connection: Keep-Alive
Cache-Control: no-cache

HTTP/1.0 401 Unauthorized
Server: Microsoft-IIS/5.0
Date: Thu, 27 Apr 2006 05:27:02 GMT
WWW-Authenticate: Basic realm="aaa.bbb.cc.dd"
Content-Length: 4431
Content-Type: text/html
X-Cache: MISS from concrete.no.org
Connection: keep-alive

********** SERVER ********

GET /wg/test2/Apr27B/get_aspx_ver.aspx HTTP/1.0
Accept: */*
User-Agent: Microsoft-Visual-Studio.NET/7.10.3077
Host: aaa.bbb.cc.dd
Via: 1.1 concrete.no.org:80 (squid/2.5.STABLE9)
X-Forwarded-For: aaa.bbb.ee.ff
Cache-Control: no-cache, max-age=259200
Connection: keep-alive

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 27 Apr 2006 05:27:02 GMT
WWW-Authenticate: Basic realm="aaa.bbb.cc.dd"
Content-Length: 4431
Content-Type: text/html

The only thing I can see from the dumps is that the client sends a request
in HTTP 1.1 and the proxy is sending an HTTP 1.0 request to the server, which
then responds with an HTTP 1.0 header back to the client via the proxy.

Dot Net uses FrontPage extensions to upload if it cannot make a NetBIOS
connection - which it can't.
I have checked that the site is using basic (plaintext) authentication and
I recompiled Squid with the following options:

./configure \
  --enable-icmp \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-arp-acl \
  --enable-ipf-transparent \
  --sysconfdir=/etc \
  --enable-internal-dns \
  --disable-wccp

The config file has:

http_port 137.154.86.33:80
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

useragent_log /usr/local/squid/var/logs/useragent.log

redirect_program /usr/local/squid/bin/redirector
redirect_rewrites_host_header off

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access allow all
http_reply_access allow all

icp_access allow all

tcp_outgoing_address 192.168.1.1

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off

The redirect script is a perl script structured as follows:

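#!/usr/bin/perl
use strict;
use warnings;

# Unbuffered output: Squid waits for one reply line per request line.
$| = 1;

# Read one request line at a time; stop at EOF when Squid closes the pipe.
while (<STDIN>) {
    # Rewrite the public URL to the internal server.
    s|http://aaa.bbb.cc.dd/weng|http://192.168.1.149|g;
    print;
}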

Have I missed something?
Any assistance would be appreciated.

Mike
Received on Mon May 01 2006 - 03:39:50 MDT
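
Added example, not part of the original post: a small Python script that diffs the request as it arrived at the proxy against the request the proxy sent to the server, so every change Squid made on that hop is listed, including the Via and X-Forwarded-For headers that disclose the proxy version and the client address to the backend. The function and variable names are assumptions; the sample input is copied from the PROXY and SERVER dumps above.

```python
# Constructed sample input: request headers copied from the PROXY and SERVER
# dumps in the post (addresses are the poster's anonymised placeholders).
PROXY_SIDE = """\
GET /wg/test2/Apr27B/get_aspx_ver.aspx HTTP/1.1
Accept: */*
User-Agent: Microsoft-Visual-Studio.NET/7.10.3077
Host: aaa.bbb.cc.dd
Connection: Keep-Alive
Cache-Control: no-cache
"""
SERVER_SIDE = """\
GET /wg/test2/Apr27B/get_aspx_ver.aspx HTTP/1.0
Accept: */*
User-Agent: Microsoft-Visual-Studio.NET/7.10.3077
Host: aaa.bbb.cc.dd
Via: 1.1 concrete.no.org:80 (squid/2.5.STABLE9)
X-Forwarded-For: aaa.bbb.ee.ff
Cache-Control: no-cache, max-age=259200
Connection: keep-alive
"""

def parse_request(dump):
    """Split a raw request dump into (method, target, version, headers)."""
    lines = [ln for ln in dump.splitlines() if ln.strip()]
    method, target, version = lines[0].split()
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        key, value = name.strip().lower(), value.strip()
        # Header names are case-insensitive; repeated headers are joined.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return method, target, version, headers

def diff_hop(before, after):
    """List (field, old, new) for everything the proxy changed on this hop."""
    _, _, v1, h1 = parse_request(before)
    _, _, v2, h2 = parse_request(after)
    changes = [("version", v1, v2)] if v1 != v2 else []
    for key in sorted(h1.keys() | h2.keys()):
        a, b = h1.get(key), h2.get(key)
        # Compare case-insensitively so Keep-Alive vs keep-alive is not noise.
        if (a or "").lower() != (b or "").lower():
            changes.append((key, a, b))
    return changes

if __name__ == "__main__":
    for field, old, new in diff_hop(PROXY_SIDE, SERVER_SIDE):
        print(f"{field:16} {old!r} -> {new!r}")
```

A value of None on the left means the proxy added the header; None on the right would mean the proxy dropped it.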
