?
Solved

Access Remote Desktop Web Access through Squid Reverse Proxy

Posted on 2014-10-29
5
Medium Priority
?
2,087 Views
Last Modified: 2014-11-01
I am trying to publish a Remote Desktop Web Access portal through a squid reverse proxy.  I use squid mainly to send the urls to the specific web server.  mail.company.com goes to the mail server and rdp.company.com goes to the Remote Web site.  Everything works internally, and everything works if I forward the 443 port directly to the RDP website.

When going through squid everything goes fine until I click on a RemotApp icon.  When I click on the icon it tries to connect and never brings up the application.  If I change the roter to forward 443 directly to my rdp web portal then I can successfully run the app.  The funny thing is, while the app is running, I can go ahead and change the router back to forward packets to the rdp portal and the connection to the remote app does not break.  I can even start more remote apps without a problem as long as I don't logout of the portal.  Once I logout, the problem returns.

This is the rule I am using in the Squid.conf file to publish the rdp site:


cache_peer internal.name.local parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER sslcafile=/etc/ssl/certs/gd_bundle-g2-g1.crt sslversion=3 name=creative

acl internal.name.local dstdomain external.name.com
0
Comment
Question by:maacevedo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 8

Assisted Solution

by:Wilder_Admin
Wilder_Admin earned 600 total points
ID: 40410356
The point is that squid is too strict in security issues and its depending which version you are using. I had the same and the only solution was to use a different reverse proxy. In my case we use now citrix netscaler. I spent more then a month to solve this with squid or apache both with no result.
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40414547
Keep in mind that clicking on a remoteapp in RDWA sends an .rdp file with an RDGateway configuration. RDG and RDWA are two different things. And while both use 443 so a simple firewall rule works, RDG does not present web forms for authentication so a strict HTML reverse proxy will break RDG and its ability to authenticate and then proxy RDP traffic. Unless things have changed recently, squid does not have any support for proxying RDG traffic and is not application-aware. You could put RDWA behind squid and run RDG on a different server (since it is, itself, a proxy for RDP traffic) and have a simple port forwarding rule for RDG. That'll work. But putting a reverse-proxy in front of RDG is tricky at best.

-Cliff
0
 

Author Comment

by:maacevedo
ID: 40414660
Has anyone tried to use the Windows 2012 R2 Web Application Proxy with RD Web and RDG?
0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 1400 total points
ID: 40414674
Yes. It works.
0
 

Author Closing Comment

by:maacevedo
ID: 40417028
I decided to use the Web Application Proxy and it worked perfectly.  Thanks for the input!!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question