On Mon, 3 May 2004, [iso-8859-2] Hegedüs Ervin wrote:
> here is an ascii art picture:
>
>
> client ---> HTTPS ---> [Squid outside - SQUID - Squid inside] ---> HTTPS ---> OWA/WEBDAV/anything servers
>
> where Squid outside is exactly one IP address, and the key is
> just for this hostname. user wants to use with IE, and doesn't
> want to all time accept the ssl-warning...
Ok. This is a clear description.
For this you need Squid-3 or Squid-2.5 + ssl update. Squid-2.5.STABLE as
distributed can not initiate SSL connections to the backend systems as
this functionality became available after 2.5.STABLE was released.
You also need a redirector helper to clean up the accelerated URLs and map
them accordingly.
However, be warned that there is a ugly can of worms when mapping servers
in this manner. OWA is notoriously picky in how it is called and the URL
sent to OWA must exacly match what the user typed in his browser,
including hostname.
<commercial plug>
If you want to avoid most of the pain in how to properly build and
configure this kind of solution I would recommend looking into the eMARA
product from MARA Systems AB <sales@marasystems.com>. This product is the
origin of the SSL update and reworked accelerator functions of Squid-3
among many other things.
</commercial plug>
Regards
Henrik
Received on Mon May 03 2004 - 09:47:30 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT