• Status: Solved

Access Remote Desktop Web Access through Squid Reverse Proxy

I am trying to publish a Remote Desktop Web Access portal through a squid reverse proxy. I use squid mainly to send the URLs to the specific web server. mail.company.com goes to the mail server and rdp.company.com goes to the Remote Web site. Everything works internally, and everything works if I forward the 443 port directly to the RDP website.

When going through squid everything goes fine until I click on a RemoteApp icon. When I click on the icon it tries to connect and never brings up the application. If I change the router to forward 443 directly to my rdp web portal then I can successfully run the app. The funny thing is, while the app is running, I can go ahead and change the router back to forward packets to the rdp portal and the connection to the remote app does not break. I can even start more remote apps without a problem as long as I don't log out of the portal. Once I log out, the problem returns.

This is the rule I am using in the Squid.conf file to publish the rdp site:


cache_peer internal.name.local parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER sslcafile=/etc/ssl/certs/gd_bundle-g2-g1.crt sslversion=3 name=creative

acl internal.name.local dstdomain external.name.com
Asked by: maacevedo
 
Wilder_Admin Commented:
The point is that squid is too strict on security issues, and it depends on which version you are using. I had the same problem and the only solution was to use a different reverse proxy. In my case we now use Citrix NetScaler. I spent more than a month trying to solve this with squid or apache, both with no result.
 
Cliff Galiher Commented:
Keep in mind that clicking on a RemoteApp in RDWA sends an .rdp file with an RDGateway configuration. RDG and RDWA are two different things. And while both use 443 so a simple firewall rule works, RDG does not present web forms for authentication so a strict HTML reverse proxy will break RDG and its ability to authenticate and then proxy RDP traffic. Unless things have changed recently, squid does not have any support for proxying RDG traffic and is not application-aware. You could put RDWA behind squid and run RDG on a different server (since it is, itself, a proxy for RDP traffic) and have a simple port forwarding rule for RDG. That'll work. But putting a reverse-proxy in front of RDG is tricky at best.

-Cliff
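Added example, not part of the thread or any poster's code: a small check that reads the .rdp file RD Web Access hands out and reports whether its RD Gateway host is one of the names published through the HTML-only reverse proxy, which is the split the answer above describes. The function names are hypothetical, the sample .rdp contents are constructed, and the host names are the placeholders used in the question.

```python
# Added example. SAMPLE_RDP is constructed; host names are the question's placeholders.

# gatewayusagemethod values that send the session through an RD Gateway:
# 1 = always use the gateway, 2 = use it when no direct connection is possible.
GATEWAY_IN_USE = {1, 2}

def parse_rdp(text):
    """Parse the 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        name, sep1, rest = line.strip().partition(":")
        kind, sep2, value = rest.partition(":")
        if not (sep1 and sep2) or kind not in ("s", "i", "b"):
            continue  # skip blank or malformed lines
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name.strip().lower()] = value
    return settings

def gateway_report(rdp_text, html_proxy_hosts):
    """Say which host carries the RDP session and whether that host
    is published through the HTML-only reverse proxy."""
    s = parse_rdp(rdp_text)
    gw = str(s.get("gatewayhostname", "")).strip().lower()
    gw_host = gw.rsplit(":", 1)[0] if ":" in gw else gw  # drop optional :port
    uses_gw = bool(gw_host) and s.get("gatewayusagemethod", 0) in GATEWAY_IN_USE
    proxied = {h.lower() for h in html_proxy_hosts}
    return {
        "target": s.get("full address"),
        "gateway": gw_host or None,
        "uses_gateway": uses_gw,
        "gateway_behind_html_proxy": uses_gw and gw_host in proxied,
    }

SAMPLE_RDP = """\
full address:s:internal.name.local
gatewayhostname:s:rdp.company.com:443
gatewayusagemethod:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
"""

if __name__ == "__main__":
    # Names assumed to be routed through squid, as in the question.
    print(gateway_report(SAMPLE_RDP, ["mail.company.com", "rdp.company.com"]))
```

When `gateway_behind_html_proxy` is true, the RemoteApp session itself, not only the portal pages, is being sent to the reverse proxy.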
 
maacevedo (Author) Commented:
Has anyone tried to use the Windows 2012 R2 Web Application Proxy with RD Web and RDG?
 
Cliff Galiher Commented:
Yes. It works.
 
maacevedo (Author) Commented:
I decided to use the Web Application Proxy and it worked perfectly. Thanks for the input!!
