Re: [squid-users] Is it possible to have squid as do Proxy and OWA/RPCoHTTPS accelerator? from Amos Jeffries on 2008-06-01 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 01 Jun 2008 22:38:49 +1200

Odhiambo Washington wrote:
> Hello gurus,
>
> I have been trying the whole day to get Squid to work as a reverse
> proxy/accelerator for OWA and RPC-over-https with no sucess. I believe
> I've come to my /etc on this!
> I have read the Wiki entries and this thread:
> http://www.nabble.com/Forwarding-Denied-when-using-dst-cache_peer-in-acl-td15123146.html
>

Not that the article references two Squid wiki articles. All the configs
doing OWA using "dst" ACL were relevant only up to 2.5 and fatally
flawed with a required but unstated DNS hack.
The wiki presently has updated configs which work with all current Squid.

> However, I seem to still miss a critical point.
> My Squid (2.7RC) is first and foremost being used as a LAN proxy. This
> in itself has posed a challenge to me in terms of specifying who is
> allowed to use it as a proxy.
> I have an M$ Exchange server which is is self-contained, with
> self-signed certificate.
> Can I configure Squid as a proxy for the LAN as well as an accelerator
> for several backend website(s)? I've found this challenging in terms
> of ordering the ACLs.

Yes. With some access control tweaking two 'components' can be kept
seperate. see below.

>
> I can see from the above thread that Wouter de Jong-2 actually/finally
> managed to configure Squid to accelerate OWA as well as do the
> RPC-over-HTTP(s) but he does not mention is the squid instance is also
> being used as a proxy.
> Does someone have a sample config for squid being used as LAN proxy
> and accelerator, especially for M$ Exchange OWA and RPCoHTTPS?

Should be no need. All the current squid releases support multiple
http_port entries. That is the first important part.

Near the top of your config above your ALL of yoru regular proxy port
and _access controls. Setup the OWA/RPC acceleration as listed in the
wiki. Omitting the controls which do blanket 'deny all'.

http://wiki.squid-cache.org/ConfigExamples/SquidAndOutlookWebAccess
http://wiki.squid-cache.org/ConfigExamples/SquidAndRPCOverHttp

Then following that setup your main proxy port and controls.

Amos

-- 
Please use Squid 2.7.STABLE1 or 3.0.STABLE6

Received on Sun Jun 01 2008 - 10:38:55 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 17 2008 - 12:00:03 MDT