I have:
1) Linux Mandrake v10.1
2) Linux Mandrake SQUID RPM v2.5-STABLE6
3) OutlookWebAccess on Windows Server 2003
Here you have my configuration files.
I'd like to use Squid as a reverse proxy in this way:
WEB -> SSL SQUID PROXY -> OWA (HTTP) (exchange)
Is my configuration OK!?
Can you help me?
Regards.
--------------------------
Michele Ratti
1) squid.conf
# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem]
[options...]
#
# The socket address where Squid will listen for HTTPS client
# requests.
#
# This is really only useful for situations where you are running
# squid in accelerator mode and you want to do the SSL work at
the
# accelerator level.
#
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
#
# Options:
#
# cert= Path to SSL certificate (PEM format)
#
# key= Path to SSL private key file (PEM format)
# if not specified, the certificate file is
# assumed to be a combined certificate and
# key file
#
# version= The version of SSL/TLS supported
# 1 automatic (default)
# 2 SSLv2 only
# 3 SSLv3 only
# 4 TLSv1 only
#
# cipher= Colon separated list of supported ciphers
#
# options= Varions SSL engine options. The most important
# being:
# NO_SSLv2 Disallow the use of SSLv2
# NO_SSLv3 Disallow the use of SSLv3
# NO_TLSv1 Disallow the use of TLSv1
# See src/ssl_support.c or OpenSSL documentation
# for a more complete list.
#
#Default:
# none
https_port 443 cert=/etc/squid/key.crt key=/etc/squid/key.key
httpd_accel_host 89.0.4.128
httpd_accel_port 80
#httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
visible_hostname OwaMailMan
[THE REST IS DEFAULT]
2) squidGuard.conf
#----------------------------------------------------------------
# SquidGuard CONFIGURATION FILE
#----------------------------------------------------------------
# CONFIGURATION DIRECTORIES
dbhome /usr/share/squidGuard-1.2.0/db
logdir /var/log/squidGuard
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
weekly s 09:30-12:00 13:00-19:00
weekly m 09:00-12:00 13:00-19:00
weekly t 09:00-11:00 12:00-19:00
weekly w 09:00-12:00 12:00-18:00
weekly h 09:00-13:00 13:00-18:00
weekly f 09:00-12:00 13:30-18:00
weekly a 08:20-13:00 13:30-19:00
}
# SOURCE ADDRESSES:
src privilegedsource {
iplist privilegedsource/ips
}
src bannedsource {
iplist bannedsource/ips
}
src lansource {
iplist lansource/lan
}
# DESTINATION CLASSES:
dest porn {
domainlist porn/domains
urllist porn/urls
expressionlist porn/expressions
}
dest adult {
domainlist adult/domains
urllist adult/urls
expressionlist adult/expressions
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
}
dest forums {
domainlist forums/domains
urllist forums/urls
expressionlist forums/expressions
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
dest redirector {
domainlist redirector/domains
urllist redirector/urls
expressionlist redirector/expressions
}
dest warez {
domainlist warez/domains
urllist warez/urls
}
dest ads {
domainlist ads/domains
urllist ads/urls
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
}
dest publicite {
domainlist publicite/domains
urllist publicite/urls
expressionlist publicite/expressions
}
dest violence {
domainlist violence/domains
urllist violence/urls
expressionlist violence/expressions
}
dest banneddestination {
domainlist banneddestination/domains
urllist banneddestination/urls
expressionlist banneddestination/expressions
}
dest advertising {
domainlist advertising/domains
urllist advertising/urls
redirect http://127.0.0.1/cgi-bin/nulbanner.png
log /var/log/squidGuard/advertising.log
}
dest exploit {
expressionlist exploit/expressions
}
# ACLs
acl {
privilegedsource {
pass !advertising all
redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&target
class=%t&url=%u
}
# bannedsource {
# pass none
# redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&target
class=%t&url=%u
#
# }
lansource {
pass !adult !audio-video !forums !hacking !redirector
!warez !ads !aggressive !drugs !gambling !publicite !violence
!banneddestination !advertising all
redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&target
class=%t&url=%u
}
default {
pass !exploit all
redirect
http://127.0.0.1:81/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&tar
getclass=%t&url=%u
}
}
Received on Wed Dec 22 2004 - 11:49:36 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST
