[squid-users] squid as a reverse proxy and exchange 2007- Mandating access with the certificate

From: Erwan Le Du <erwanledu_at_gmail.com>
Date: Sat, 28 Aug 2010 16:24:13 +0200

Hi,
I'm using "squid" as a reverse proxy to allow the users to connect to
Exchange 2007 from the outside. All is OK (OWA and RPC over HTTPS), but
I would like to know if we can secure the connections with a
certificate. I would like the users to be required to have the
certificate to connect to Outlook Web Access. For the moment, if I
do not have the certificate I get a warning from the internet browser
(because it's a self-signed certificate), but I can continue and
finally "catch" the OWA interface... With Apache I can use
SSLVerifyClient, but I don't know if it's possible with squid as a
reverse proxy. Otherwise I can enable the option "client certificate
require" in the SSL settings for the folder "owa" in IIS 7, but I would
like to connect to Outlook Web Access from the internal network
without a certificate.

Below is my squid configuration:

visible_hostname "hostname"
debug_options ALL,1
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443  cert=/path/certif.crt key=/path/certif.key cafile=/path/ca.crt \
defaultsite="hostname"
cache_peer "exchange_internal_ip" parent 443 0 no-query proxy-only originserver \
login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name="exchange_hostname"
acl all src 0.0.0.0/0.0.0.0
acl owa dstdomain "hostname"
cache_peer_access "exchange_hostname" allow owa
never_direct allow owa
http_access allow owa
http_access deny all
miss_access allow owa
miss_access deny all
access_log /var/log/squid3/access.log squid

Sorry for my English.
Thanks in advance.

Regards.
Received on Sat Aug 28 2010 - 14:24:15 MDT
