[squid-users] Reverse Proxy and OWA
Hi All, I am a newbie about squid. I am interested about squid as reverse proxy for Outlook Web App and Activesync for Exchange 2010 Did Someone have experience about this? Is it possible to use at the same time squid as proxy and reverse proxy ? Thank You Andrea
[squid-users] reverse proxy for OWA 2010 - firts issue
Hi, I installed ubuntu server (latest) with squid 2.7. I am following this example config: http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess but on first command "https_port" squid returns the error "unrecognired" Where is the problem? thanks
[squid-users] compiling with enable-ssl
Hi, I have many problems to compiling squid 3.1.1 with --enable-ssl switch. OpenSSL is installed already on Ubuntu Server, but ./configure returns many errors and make not works What is the best linux distribution or OS for squid?? tnx -- Andrea Gallazzi http://andreagx.blogspot.com
[squid-users] OWA 2010 - Reverse Proxy -- continue
After little problem I installed squid 3.1.1 with openssl on my ubuntu server 9.10. Now i have my ssl certificate (.cer) on my exchange server but squid (or openssl ?) require a .pem certificate. I have doubts about this. Is the certificate the same of exchange ? (if yes) The same certificate will installed on squid and on exchange? How to make the .pem certificate for squid? thanks Andrea
[squid-users] Reverse and SSL cert
After little problem I installed squid 3.1.1 with openssl on my ubuntu server 9.10. Now i have my ssl certificate (.cer) on my exchange server but squid (or openssl ?) require a .pem certificate. I have doubts about this. Is the certificate the same of exchange ? (if yes) The same certificate will installed on squid and on exchange? How to make the .pem certificate for squid? thanks -- Andrea Gallazzi http://andreagx.blogspot.com
Re: [squid-users] Reverse and SSL cert
Thanks Jakob for your reply. As usual I do not agree with digital certificate. :-) (in theory and with yours help) My goal is demonstrate wich is possible to use squid for reverse proxy instead of ISA or TMG and write an article on my blog. I would get this topology: Squid as reverse proxy for exchange 2010 owa and activesync. Exchange 2010 have a certificate released from my internal CA. I am following this example config: http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess On real world: I must configure or request a new certificate to my internal CA for squid reverse proxy or install the same certificate of exchange? tnx -- From: "Jakob Curdes" Sent: Wednesday, March 31, 2010 11:59 PM To: "Squid Mailing List" Cc: "Andrea Gallazzi" Subject: Re: [squid-users] Reverse and SSL cert Is the certificate the same of exchange ? (if yes) The same certificate will installed on squid and on exchange? How to make the .pem certificate for squid? You need to tell us more about your setup. Probably you want to terminate a SSL connection on the reverse-proxy and forward the request to an internal server that happens to run SSL. In this case the certificate the the external client will get is the one configured in the https_port directive. For the second SSL connection (presumably to Exchange) you need a second certificate, which is defined in the cache_peer directive. This cert is just used to identify squid the the exchange server. Another problem arises: if we are talking about OWA or RPCvia HTTP access to exchange, you need to make sure that the domain for the requests is the same all the time, i.e. the external client is requesting owa.domain.com which you are forwarding, say, to exchange.company.local. You must make sure that the these two domains map to one in DNS, otherwise the requests will fail. Plus the certificates need to reflect this ... there are commercial certificates where you can enter two different domain names into one cert.Look for "Subject Alternative Names (SAN)" certificates. You can use such a cert on squid and the exchange server. Remark, not sure if it applies: If using Outlook as RPCvia HTTPS client, you will have trouble with self-signed certs. Outlook does not display a warning but just rejects the connection unless a self-signed cert has been accepted into the certificate store of the operating system e.g. by going through an IE certificate dialogue. HTH, Jakob Curdes
[squid-users] ACL NCSA and user
Hi, Can I prevent to access only some web site at only some user ? i.e. user1 can only go on www.website1.com user2 can only go on www.website2.com user1 and user2 was authenticated by nsca. thank you
[squid-users] user based ACLs
Hi, Can I prevent to access only some web site at only some user ? i.e. user1 can only go on www.website1.com user2 can only go on www.website2.com user1 and user2 was authenticated by nsca. thank you
[squid-users] proxy autoconfiguration
Hello all, my scenario: The proxy address was setted by group policy. Windows 2003 , Windows 2008 r2 , Windows 7 , Windows XP Problem: Some notebooks should be able to surfing internet from out of office but the client that was setted with proxy address then the user can not access Question: Can I configure proxy address by DHCP, automatically? Is there some other method? Thank You
Re: [squid-users] proxy autoconfiguration
The users must be authenticated. :( -- From: "Jeff Pang" Sent: Thursday, April 22, 2010 2:26 PM To: "Squid Users" Subject: Re: [squid-users] proxy autoconfiguration On Thu, Apr 22, 2010 at 7:55 PM, Andrea Gallazzi wrote: Question: Can I configure proxy address by DHCP, automatically? Is there some other method? What you wanted is transparnet proxy, try find the config samples on: http://wiki.squid-cache.org/ConfigExamples -- Jeff Pang http://home.arcor.de/pangj/