Solved

Access Remote Desktop Web Access through Squid Reverse Proxy

Posted on 2014-10-29
5
1,953 Views
Last Modified: 2014-11-01
I am trying to publish a Remote Desktop Web Access portal through a squid reverse proxy.  I use squid mainly to send the urls to the specific web server.  mail.company.com goes to the mail server and rdp.company.com goes to the Remote Web site.  Everything works internally, and everything works if I forward the 443 port directly to the RDP website.

When going through squid everything goes fine until I click on a RemotApp icon.  When I click on the icon it tries to connect and never brings up the application.  If I change the roter to forward 443 directly to my rdp web portal then I can successfully run the app.  The funny thing is, while the app is running, I can go ahead and change the router back to forward packets to the rdp portal and the connection to the remote app does not break.  I can even start more remote apps without a problem as long as I don't logout of the portal.  Once I logout, the problem returns.

This is the rule I am using in the Squid.conf file to publish the rdp site:


cache_peer internal.name.local parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER sslcafile=/etc/ssl/certs/gd_bundle-g2-g1.crt sslversion=3 name=creative

acl internal.name.local dstdomain external.name.com
0
Comment
Question by:maacevedo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 8

Assisted Solution

by:Wilder_Admin
Wilder_Admin earned 150 total points
ID: 40410356
The point is that squid is too strict in security issues and its depending which version you are using. I had the same and the only solution was to use a different reverse proxy. In my case we use now citrix netscaler. I spent more then a month to solve this with squid or apache both with no result.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40414547
Keep in mind that clicking on a remoteapp in RDWA sends an .rdp file with an RDGateway configuration. RDG and RDWA are two different things. And while both use 443 so a simple firewall rule works, RDG does not present web forms for authentication so a strict HTML reverse proxy will break RDG and its ability to authenticate and then proxy RDP traffic. Unless things have changed recently, squid does not have any support for proxying RDG traffic and is not application-aware. You could put RDWA behind squid and run RDG on a different server (since it is, itself, a proxy for RDP traffic) and have a simple port forwarding rule for RDG. That'll work. But putting a reverse-proxy in front of RDG is tricky at best.

-Cliff
0
 

Author Comment

by:maacevedo
ID: 40414660
Has anyone tried to use the Windows 2012 R2 Web Application Proxy with RD Web and RDG?
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 350 total points
ID: 40414674
Yes. It works.
0
 

Author Closing Comment

by:maacevedo
ID: 40417028
I decided to use the Web Application Proxy and it worked perfectly.  Thanks for the input!!
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question