Hello list,

I want to use my Squid in accelerator mode to secure the access to our
Exchange Server (Outlook Web Access).

If I use port 80 to connect to the Squid, it works fine. All traffic to the
Exchange Server is routed to the Squid. With netstat -an I can see it.

If I connect on port 443 to the Squid, I see a message like this:

    The site contains secure and unsecure objects. Do you want to display
    the unsecure objects?

When I press the YES button, my workstation connects to the Exchange Server
directly. I can see it with netstat -an.

This is my configuration:

Debian GNU Linux woody
Squid-2.5.Stable7

Usersystem ----HTTPS---- Squid ----HTTP---- Exchange Server
                         owa.testnetz.de    exchange.testnetz.de
                         192.168.20.10      192.168.20.20

Request: https://owa.testnetz.de/exchange
Certificate is generated for owa.testnetz.de

/opt/squid/etc/squid.conf
http_port 80
https_port 443 cert=/opt/squid/etc/server.crt key=/opt/squid/etc/server.key
httpd_accel_host 192.168.20.20
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_single_host off
cache_mgr hotline@testnet.de
visible_hostname owa.testnetz.de
dns_testnames owa.testnetz.de
debug_options ALL,2
logfile_rotate 5
cache_log /opt/squid/var/logs/cache.log
cache_access_log /opt/squid/var/logs/access.log
cache_store_log /opt/squid/var/logs/store.log
coredump_dir /opt/squid/var/logs/
pid_filename /opt/squid/var/logs/squid.pid
error_directory /opt/squid/share/errors/German
cache_replacement_policy lru
cache_dir ufs /opt/squid/var/cache 1024 64 256
cache_swap_low 90
cache_swap_high 95
maximum_object_size 2046 MB
store_dir_select_algorithm least-load
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy lru
mime_table /opt/squid/etc/mime.conf
ipcache_size 10000
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
refresh_pattern . 0 20% 4320
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Exchange_IP dst 192.168.20.20
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl Safe_ports port 80 # http
acl Exchange_Port port 80
acl CONNECT method CONNECT
always_direct allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow all Exchange_IP
http_access deny all
http_reply_access allow all
icp_access deny all
cache_effective_user squid
cache_effective_group squid
/etc/hosts
edm:~# cat /etc/hosts
127.0.0.1 localhost
192.168.20.20 owa.testnetz.de owa

Can anyone help me?

tino

Kind regards
Tino Glatzel
badenIT
Innovation technology for your future
Tino Glatzel
badenIT GmbH
System Support
Tullastr. 70
D-79108 Freiburg
Tel. +49 761 279-2804
Fax +49 761 279-572804
mailto:tino.glatzel@badenIT.de
www.badenIT.de
Received on Thu Dec 16 2004 - 02:19:36 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST
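
Added example, not part of the original post: a small Python check for the symptom described in the message above. Given the URL a page was requested under and its HTML, it lists references that use plain http or name a host other than the accelerator, which are the requests behind the browser's secure/unsecure prompt and the ones that go around Squid. The function name and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser fetch or navigate to another URL.
URL_ATTRS = {"src", "href", "action", "background"}


class _RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.refs.append((tag, value))


def find_bypass_refs(page_url, html):
    """Return (tag, absolute_url, reason) for each reference that leaves the
    HTTPS accelerator: plain http, or a host other than the page's own."""
    page = urlsplit(page_url)
    collector = _RefCollector()
    collector.feed(html)
    findings = []
    for tag, raw in collector.refs:
        target = urlsplit(urljoin(page_url, raw))
        if target.scheme not in ("http", "https"):
            continue  # javascript:, mailto:, data: are out of scope here
        reasons = []
        if page.scheme == "https" and target.scheme == "http":
            reasons.append("insecure-scheme")
        if target.hostname != page.hostname:
            reasons.append("bypasses-proxy")
        if reasons:
            findings.append((tag, target.geturl(), "+".join(reasons)))
    return findings


# Constructed sample input: not captured from a real Exchange server.
SAMPLE_PAGE_URL = "https://owa.testnetz.de/exchange"
SAMPLE_HTML = """
<html><body background="/exchange/bg.gif">
<frame src="http://owa.testnetz.de/exchange/nav.htm">
<img src="http://exchange.testnetz.de/exchange/logo.gif">
<a href="https://owa.testnetz.de/exchange/inbox">Inbox</a>
<form action="inbox/send"></form>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_bypass_refs(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(finding)
```

Run it against the HTML saved from a session through port 443; an empty result means every reference stays on the HTTPS hostname of the accelerator.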