Solved

Access Remote Desktop Web Access through Squid Reverse Proxy

Posted on 2014-10-29
Last Modified: 2014-11-01
I am trying to publish a Remote Desktop Web Access portal through a squid reverse proxy.  I use squid mainly to send the URLs to the specific web server.  mail.company.com goes to the mail server and rdp.company.com goes to the Remote Web site.  Everything works internally, and everything works if I forward the 443 port directly to the RDP website.

When going through squid everything goes fine until I click on a RemoteApp icon.  When I click on the icon it tries to connect and never brings up the application.  If I change the router to forward 443 directly to my rdp web portal then I can successfully run the app.  The funny thing is, while the app is running, I can go ahead and change the router back to forward packets to the rdp portal and the connection to the remote app does not break.  I can even start more remote apps without a problem as long as I don't log out of the portal.  Once I log out, the problem returns.

This is the rule I am using in the Squid.conf file to publish the rdp site:


cache_peer internal.name.local parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER sslcafile=/etc/ssl/certs/gd_bundle-g2-g1.crt sslversion=3 name=creative

acl internal.name.local dstdomain external.name.com
Question by:maacevedo

Assisted Solution

by:Wilder_Admin
Wilder_Admin earned 150 total points
ID: 40410356
The point is that squid is too strict in security issues, and it depends on which version you are using. I had the same problem, and the only solution was to use a different reverse proxy. In my case we now use Citrix NetScaler. I spent more than a month trying to solve this with squid or Apache, both with no result.

Expert Comment

by:Cliff Galiher
ID: 40414547
Keep in mind that clicking on a RemoteApp in RDWA sends an .rdp file with an RDGateway configuration. RDG and RDWA are two different things. And while both use 443 so a simple firewall rule works, RDG does not present web forms for authentication so a strict HTML reverse proxy will break RDG and its ability to authenticate and then proxy RDP traffic. Unless things have changed recently, squid does not have any support for proxying RDG traffic and is not application-aware. You could put RDWA behind squid and run RDG on a different server (since it is, itself, a proxy for RDP traffic) and have a simple port forwarding rule for RDG. That'll work. But putting a reverse-proxy in front of RDG is tricky at best.

-Cliff
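Added example, not part of the original thread: a small Python check of the .rdp file that RD Web Access hands to the client, showing which RD Gateway host the client will contact and whether that name is one published through the HTML reverse proxy. The sample file content and the proxied-host list are constructed assumptions; the setting names are standard .rdp file fields.

```python
# Added example (not from the thread). Sample data below is constructed.
SAMPLE_RDP = """\
full address:s:rds01.name.local
gatewayhostname:s:rdp.company.com
gatewayusagemethod:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
"""

def decode_rdp(data: bytes) -> str:
    """.rdp files are commonly UTF-16 with a BOM; fall back to UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; type 'i' values become int."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i" and value.lstrip("-").isdigit():
            value = int(value)
        settings[name.lower()] = value
    return settings

def check_gateway(settings: dict, html_proxied_hosts) -> tuple:
    """Return (uses_gateway, gateway_host, goes_through_html_proxy)."""
    # gatewayusagemethod 1 = always use RD Gateway, 2 = use it when a
    # direct connection fails; other values are not treated as gateway use here.
    method = settings.get("gatewayusagemethod", 0)
    host = str(settings.get("gatewayhostname", "")).lower()
    uses_gateway = method in (1, 2) and bool(host)
    proxied = {h.lower() for h in html_proxied_hosts}
    # Drop an optional ":port" suffix before comparing names.
    through_proxy = uses_gateway and host.split(":")[0] in proxied
    return uses_gateway, host, through_proxy

if __name__ == "__main__":
    cfg = parse_rdp(decode_rdp(SAMPLE_RDP.encode("utf-16")))
    # Assumption: rdp.company.com is the name published through squid.
    used, host, proxied = check_gateway(cfg, {"rdp.company.com"})
    print(f"RD Gateway in use: {used}, host: {host}")
    if proxied:
        print("Gateway traffic would hit the HTML reverse proxy; "
              "publish RDG separately or use an RDG-aware proxy.")
```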
 

Author Comment

by:maacevedo
ID: 40414660
Has anyone tried to use the Windows 2012 R2 Web Application Proxy with RD Web and RDG?

Accepted Solution

by:
Cliff Galiher earned 350 total points
ID: 40414674
Yes. It works.
 

Author Closing Comment

by:maacevedo
ID: 40417028
I decided to use the Web Application Proxy and it worked perfectly.  Thanks for the input!!