• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Chaining to a Squid server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> Chaining to a Squid server Page: [1]
Message << Older Topic   Newer Topic >>
Chaining to a Squid server - 28.Nov.2002 5:11:00 PM   


Posts: 126
Joined: 20.Feb.2001
From: Portugal
Status: offline
Is it possible to chaining firewall requests to a Squid server without problems?
And redirecting Web proxy requests?
I have tried that some time ago and didnŠt work? Did I miss some trick??

Jose Ramada
Post #: 1
RE: Chaining to a Squid server - 5.Dec.2002 3:29:00 AM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ramada,

All it should require is a Web Routing Rule.


(in reply to ramada)
Post #: 2
RE: Chaining to a Squid server - 19.Jun.2006 5:39:19 PM   


Posts: 56
Joined: 4.Dec.2002
Status: offline
I'm trying to do the same thing I have it mostly working, but I'm getting some url problems.  For example on google.com the groups url becomes groups.ipaddress instead of groups.google.com.  I'm not sure if this issue is with ISA or with Squid.  I'm actually using DansGuardian on top of Squid.  I'll do some more testing.

(in reply to ramada)
Post #: 3
RE: Chaining to a Squid server - 11.Jul.2006 9:10:52 AM   


Posts: 4
Joined: 9.Oct.2002
Status: offline
I'm chaining an ISA server through squid and it works fine setting it as an upstream proxy to redirect requests to. The problem I am having is that the ISA server believes that the squid proxy becomes unavailable and uses the bypass route to go dorect to the internet, even though the squid proxy is never unavailable
This appears to be happening as ISA server cant get the array information from the upstream squid proxy.
Is there a way to turn this request off and have ISA blindly pass the request to the squid box?

(in reply to wasserja)
Post #: 4
RE: Chaining to a Squid server - 28.Jul.2006 11:23:29 AM   


Posts: 14
Joined: 13.Mar.2003
From: Truro, Cornwall, UK
Status: offline
I've got similar issues with chaining an ISA 2004 box to an upstream Squid. We get regular routing/chaining alerts saying that the ISA can not contact the Squid when its definately available and we also get issues with SNAT clients and various URLS such as hotmail.com (same issue as wasserja where urls end up containing IP addresses and not names).

(in reply to ramada)
Post #: 5
RE: Chaining to a Squid server - 23.Oct.2006 4:17:41 PM   


Posts: 56
Joined: 4.Dec.2002
Status: offline
We are using ISA 2004 with web chaining to a Linux server running DansGuardian and Squid.  Everything seems to work fine except some clients send the IP address as the URL instead of the dns name which is causing some problems.  We've tried clearing the cache on the ISA server and on Squid but the problem seems to lie with the user account in Windows.  For example trying to access a site http://my.homepage.com would be sent to the upstream proxy as  This only happens with a few sites so it's difficult to nail down.  Other than that this solution is working great and provides inexpensive fast content filtering.  

(in reply to selsworthy)
Post #: 6
RE: Chaining to a Squid server - 13.Nov.2006 11:19:39 AM   


Posts: 56
Joined: 4.Dec.2002
Status: offline
We are still having the same problems with some of our clients, particularly our VPN clients.  It is sending the IP address instead of the URL through the ISA server to the upstream proxy server.  Does anybody have any suggestions?

(in reply to wasserja)
Post #: 7
RE: Chaining to a Squid server - 22.Jan.2007 6:17:14 AM   


Posts: 34
Joined: 29.Nov.2005
From: Paul Welsh
Status: offline
This is a route I'm considering going down.  I see that Kaspersky do an anti-virus for Squid proxy servers - http://www.kaspersky.com/anti-virus_linux_proxy_server - and, given Linux and Squid are open source then it doesn't seem a bad route to go down in terms of cost.  The main advantage I can see is that it means I wouldn't have to install SurfControl and an anti-virus package like Kaspersky for ISA Server onto the ISA server.  I can just envisage performance / reliability problems going down this road.

Currently we use a service that MessageLabs provides for scanning web sites.  It's called scansafe and costs over GBP20 per user per year.  This involves chaining our ISA 2004 server with MessageLabs's remote proxy.  Wonder if their proxies are running Squid?

The squid server could also act as a mail scanning server using www.mailscanner.info plus spamassassin and Clam anti-virus (open source) plus a commercial anti-virus scanner.  Now that really would constitute a big saving compared to MessageLabs.

As I see it, we'd just be replacing the scansafe proxy with an in-house proxy server; all that would change on the ISA box is the IP of the server to chain to.  The squid / smtp server would sit in the DMZ with a separate public IP to the ISA box.  It could even have a separate, relatively inexpensive, high speed ADSL connection.

Does anyone have any experience regarding the ease of use of Squid?  Is it something that can be configured and more or less left alone on a day-to-day basis?

(in reply to wasserja)
Post #: 8
RE: Chaining to a Squid server - 26.Sep.2007 3:05:52 AM   


Posts: 1
Joined: 26.Sep.2007
Status: offline

I am have an exactly replication of your problems RE: page redirection to the webserver's root page.

Was there every a resolution to this ? I am using ISA 2006, on 2003 SP2, FP1.

Wisdom required.


(in reply to wasserja)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> Chaining to a Squid server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts