Solved

Access Remote Desktop Web Access through Squid Reverse Proxy

Posted on 2014-10-29
5
2,005 Views
Last Modified: 2014-11-01
I am trying to publish a Remote Desktop Web Access portal through a squid reverse proxy.  I use squid mainly to send the urls to the specific web server.  mail.company.com goes to the mail server and rdp.company.com goes to the Remote Web site.  Everything works internally, and everything works if I forward the 443 port directly to the RDP website.

When going through squid everything goes fine until I click on a RemotApp icon.  When I click on the icon it tries to connect and never brings up the application.  If I change the roter to forward 443 directly to my rdp web portal then I can successfully run the app.  The funny thing is, while the app is running, I can go ahead and change the router back to forward packets to the rdp portal and the connection to the remote app does not break.  I can even start more remote apps without a problem as long as I don't logout of the portal.  Once I logout, the problem returns.

This is the rule I am using in the Squid.conf file to publish the rdp site:


cache_peer internal.name.local parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER sslcafile=/etc/ssl/certs/gd_bundle-g2-g1.crt sslversion=3 name=creative

acl internal.name.local dstdomain external.name.com
0
Comment
Question by:maacevedo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 8

Assisted Solution

by:Wilder_Admin
Wilder_Admin earned 150 total points
ID: 40410356
The point is that squid is too strict in security issues and its depending which version you are using. I had the same and the only solution was to use a different reverse proxy. In my case we use now citrix netscaler. I spent more then a month to solve this with squid or apache both with no result.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40414547
Keep in mind that clicking on a remoteapp in RDWA sends an .rdp file with an RDGateway configuration. RDG and RDWA are two different things. And while both use 443 so a simple firewall rule works, RDG does not present web forms for authentication so a strict HTML reverse proxy will break RDG and its ability to authenticate and then proxy RDP traffic. Unless things have changed recently, squid does not have any support for proxying RDG traffic and is not application-aware. You could put RDWA behind squid and run RDG on a different server (since it is, itself, a proxy for RDP traffic) and have a simple port forwarding rule for RDG. That'll work. But putting a reverse-proxy in front of RDG is tricky at best.

-Cliff
0
 

Author Comment

by:maacevedo
ID: 40414660
Has anyone tried to use the Windows 2012 R2 Web Application Proxy with RD Web and RDG?
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 350 total points
ID: 40414674
Yes. It works.
0
 

Author Closing Comment

by:maacevedo
ID: 40417028
I decided to use the Web Application Proxy and it worked perfectly.  Thanks for the input!!
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question