On 09/09/11 02:29, Sidnei Moreira wrote:
> Hello,
> I have configured squid to reverse-proxy an internet connection going
> into my internal exchange server.
> The squid configuration section is like this one:
> ##############################
> # ip 10.0.1.1 - squid server
> # ip 10.0.1.2 - ms-exchange server
> https_port 10.0.1.1:443 cert=/etc/squid3/geotrust_cert.pem defaultsite=mail.my-domain.com

All requests entering through this port are re-written with the domain
name "mail.my-domain.com".
Update your EXCH ACL to permit "mail.my-domain.com" and ensure that the
exchange server believes its public domain name is "mail.my-domain.com".

> cache_peer 10.0.1.2 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid3/selfsigned.pem name=exchangeServer
> acl EXCH dstdomain .rpc_domain_name
> cache_peer_access exchangeServer allow EXCH
> cache_peer_access exchangeServer deny all
> never_direct allow EXCH
> http_access allow EXCH
> http_access deny all
> miss_access allow EXCH
> miss_access deny all
> ##############################
> But, when I try to connect from the internet I receive a denying page,
> and the cache log says:
> TCP_DENIED/403 3861 GET https://mail.my-domain.com/owa - NONE/- text/html

That looks like an OWA request.
They require some different peer configuration than RPC.
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
IIRC it had something to do with OWA doing client certificate verification.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.11
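
The point made in the reply about `defaultsite` and the EXCH ACL can be checked with a small model of Squid's `dstdomain` matching and first-match `http_access` evaluation. This is an added example, not part of the original message and not Squid's own code; the function names and the `FIXED` variant are assumptions for illustration, and only `dstdomain` ACLs plus the built-in `all` are modelled.

```python
from urllib.parse import urlsplit

# Constructed from the configuration lines quoted in the message.
POSTED = """
acl EXCH dstdomain .rpc_domain_name
http_access allow EXCH
http_access deny all
"""
# Assumed correction following the reply: the ACL names the defaultsite host.
FIXED = POSTED.replace(".rpc_domain_name", "mail.my-domain.com")
LOGGED_URL = "https://mail.my-domain.com/owa"  # URL from the TCP_DENIED line

def dstdomain_match(pattern, host):
    """A leading dot matches the domain and its subdomains; otherwise exact match."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def parse(conf):
    """Collect dstdomain ACLs and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def http_access(conf, url):
    """Return 'allow' or 'deny' for a request URL; the first matching rule wins."""
    acls, rules = parse(conf)
    host = urlsplit(url).hostname or ""

    def hit(name):
        negate, name = name.startswith("!"), name.lstrip("!")
        matched = name == "all" or any(dstdomain_match(p, host) for p in acls.get(name, []))
        return matched != negate

    for action, names in rules:
        if all(hit(n) for n in names):  # ACL names on one line are ANDed
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    print("posted ACL:", http_access(POSTED, LOGGED_URL))
    print("fixed ACL: ", http_access(FIXED, LOGGED_URL))
```

With the posted ACL the rewritten host falls through to `http_access deny all`, which is consistent with the 403 in the log; the same request is allowed once the ACL names the `defaultsite` host.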