Re: [squid-users] Squid as reverse proxy with outlook web access

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 26 Oct 2007 14:09:37 -0800

Killing-Time@gmx.de wrote:
> Hello everybody,
>
> I'm trying to use squid in the following way at the company where I work:
>
> [Internet] --SSL connection--> [Squid Reverse Proxy] --HTTP connection--> [Outlook Web Access Server]
> [Internet] <--SSL connection-- [Squid Reverse Proxy] <--HTTP connection-- [Outlook Web Access Server]
>
> As I'm new to squid, I tried using the configuration example which I found here:
> http://wiki.squid-cache.org/ConfigExamples/SquidAndOutlookWebAccess
>
> If I'm getting this right, the aforementioned configuration should do exactly what I'm looking for. So I tried using the configuration file (adjusted to our system/network of course), but instead of getting through to Outlook, I get an error page:
>
> (I entered https://squidserver/exchange into the browser on another machine to test it)
>

Which is where your error lies...

>
>> ERROR
>> The requested URL could not be retrieved
>> ----------------------------------------
>> While trying to retrieve the URL: https://owaserver/exchange
>> The following error was encountered:
>> - Access denied.
>> Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
>>
>> Your cache administrator is webmaster.
>> ----------------------------------------
>> Generated Fri, 26 Oct 2007 13:25:09 by squidserver.local.myCompany.com (squid/2.6.STABLE16)
>>
>
> Here's my squid.conf file:
>
>
>> # Added because of "ACL name 'all' not defined!" error on squid startup
>> acl all src 0.0.0.0/0.0.0.0
>>
>> https_port xxx.xxx.xxx.xxx:443 cert=c:/squid/share/cert/cert.pem key=c:/squid/share/cert/key.pem defaultsite=owaserver
>>
>> cache_peer yyy.yyy.yyy.yyy parent 80 0 no-query originserver login=PASS front-end-https=on name=owaserver
>>
>> acl OWAip dst yyy.yyy.yyy.yyy
>> acl OWA dstdomain owaserver
>> cache_peer_access owaserver allow OWA
>> never_direct allow OWAip
>>
>> http_access allow OWAip
>> http_access deny all
>>

You are only allowing accesses to yyy.yyy.yyy.yyy, but what you
requested was http://squidserver/exchange which translates to
https://xxx.xxx.xxx.xxx (and is therefore denied). Change the host file
on the client, so owaserver points to xxx.xxx.xxx.xxx and then try
surfing to https://owaserver/exchange. You should have better luck.

>> miss_access allow OWAip
>> miss_access deny all
>>
>
> Explanation:
> - xxx.xxx.xxx.xxx is the IP of the machine with squid running on it.
> - yyy.yyy.yyy.yyy is the IP of the Outlook Web Access Server
> - "owaserver" is the name of the Outlook Web Access Server in our company network
>
> I am using squid/2.6.STABLE16 with SSL support on Windows XP Pro.
>
> Can anybody help?
> Kind regards,
> - Patrick
>
>

Chris
Received on Fri Oct 26 2007 - 16:09:46 MDT
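
A simplified model of how the `dst` ACL and the first-match `http_access` lines in the quoted configuration decide a request, added here as an illustration; it is not part of either message and is not Squid's own code. The addresses, the client IP in the usage and the `PROXY_DNS` table are constructed stand-ins for the masked values, and the host name Squid evaluates is taken as an input.

```python
import ipaddress

# The acl and http_access lines from the squid.conf quoted above, with a
# constructed address standing in for the masked yyy.yyy.yyy.yyy.
CONF = """
acl all src 0.0.0.0/0.0.0.0
acl OWAip dst 10.0.0.20
acl OWA dstdomain owaserver
http_access allow OWAip
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) for the acl / http_access subset used here."""
    acls, rules = {}, []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "acl":
            acls[words[1]] = (words[2], words[3:])   # name -> (type, values)
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))      # (allow|deny, acl names)
    return acls, rules

def acl_matches(acl, client_ip, host, resolve):
    kind, values = acl
    if kind == "dstdomain":      # compares the host name in the URL
        return host.lower() in values
    if kind == "src":            # compares the client address
        addr = client_ip
    elif kind == "dst":          # compares the address the URL host resolves to
        addr = resolve.get(host.lower())
        if addr is None:         # unresolvable host never matches a dst ACL here
            return False
    else:
        raise ValueError(f"unsupported acl type: {kind}")
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(v, strict=False) for v in values)

def http_access(conf, client_ip, host, resolve):
    """The first http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], client_ip, host, resolve) for n in names):
            return action
    return "deny"  # not reached while the list ends in "deny all"

# Constructed name table as seen from the proxy (hypothetical values).
PROXY_DNS = {"squidserver": "192.0.2.10", "owaserver": "10.0.0.20"}
```

Calling `http_access(CONF, "198.51.100.7", "squidserver", PROXY_DNS)` returns `"deny"`, while the same call with host `"owaserver"` returns `"allow"`, because only that name resolves to the address listed in `OWAip`.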
