Re: [squid-users] reverse proxy shows error 403 denied

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 09 Sep 2011 13:07:37 +1200

On 09/09/11 02:29, Sidnei Moreira wrote:
> Hello,
>
> I have configured squid to reverse-proxy an internet connection going
> into my internal exchange server.
> The squid configuration section is like this one:
>
> ##############################
> # ip 10.0.1.1 - squid server
> # ip 10.0.1.2 - ms-exchange server
> https_port 10.0.1.1:443 cert=/etc/squid3/geotrust_cert.pem defaultsite=mail.my-domain.com

All requests entering through this port are re-written with the domain
name "mail.my-domain.com".

Update your EXCH ACL to permit "mail.my-domain.com" and ensure that the
exchange server believes its public domain name is "mail.my-domain.com".

> cache_peer 10.0.1.2 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid3/selfsigned.pem name=exchangeServer
>
> acl EXCH dstdomain .rpc_domain_name
> cache_peer_access exchangeServer allow EXCH
> cache_peer_access exchangeServer deny all
>
> never_direct allow EXCH
> http_access allow EXCH
> http_access deny all
> miss_access allow EXCH
> miss_access deny all
> ##############################
>
> But when I try to connect from the internet I receive a denying page,
> and the cache log says:
> TCP_DENIED/403 3861 GET https://mail.my-domain.com/owa - NONE/- text/html
>

That looks like an OWA request.

They require some different peer configuration than RPC.
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess

IIRC it had something to do with OWA doing client certificate verification.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.15
   Beta testers wanted for 3.2.0.11
Received on Fri Sep 09 2011 - 01:07:43 MDT
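
Added example, not part of the original message and not Squid's own code: a small Python check for the mismatch described in the reply, where the `defaultsite=` name that a port rewrites requests to is not matched by any `dstdomain` ACL permitted in `http_access`. The function names are hypothetical, the matching is a simplified model of `dstdomain`, and the sample config is constructed from the lines quoted in the thread.

```python
# Simplified model of Squid's dstdomain matching (an assumption of this example):
# ".example.com" matches the domain and its subdomains, "example.com" only itself.
def dstdomain_matches(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def uncovered_defaultsites(conf):
    """Return defaultsite= names that no 'http_access allow' dstdomain ACL matches."""
    sites, acls, allowed = [], {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, split into words
        if not tok:
            continue
        if tok[0] in ("http_port", "https_port"):
            sites += [t.split("=", 1)[1] for t in tok[1:]
                      if t.startswith("defaultsite=")]
        elif tok[0] == "acl" and len(tok) >= 4 and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3 and tok[1] == "allow":
            allowed += [name for name in tok[2:] if not name.startswith("!")]
    return [s for s in sites
            if not any(dstdomain_matches(p, s)
                       for name in allowed for p in acls.get(name, []))]


# Constructed sample: the relevant directives as quoted in the thread.
POSTED = """
https_port 10.0.1.1:443 cert=/etc/squid3/geotrust_cert.pem defaultsite=mail.my-domain.com
acl EXCH dstdomain .rpc_domain_name
http_access allow EXCH
http_access deny all
"""

# Constructed sample: the same directives with the ACL updated as the reply advises.
FIXED = POSTED.replace(".rpc_domain_name", "mail.my-domain.com")

if __name__ == "__main__":
    print("posted:", uncovered_defaultsites(POSTED))
    print("fixed: ", uncovered_defaultsites(FIXED))
```

A non-empty result means requests arriving on that port are rewritten to a name that falls through to `http_access deny all`, which shows up as `TCP_DENIED/403` in the log.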
