On Thursday 19 June 2003 16.14, Jason Moreton wrote: > I have an accelerator box on a DMZ which I wish to forward all http > and https requests to an internal Exchange box. Do I need to > define the following in my conf file obviously appended to suit my > network? > > acl INSIDE_IP dst 1.2.3.0/24 > always_direct allow INSIDE_IP > never_direct allow all > > Sorry if this is the second posting having afew issues with > Hotmail.
The accelerator box should be used as accelerator only. To forward https requests to Exchange you need to use Squid-3. This functionality is not supported in Squid-2.5 accelerator mode. It may be possible with the SSL update to Squid-2.5 but to do this proper other accelerator related features of Squid-3 is also needed. A small Squid-3 accelerator configuration example: http_port 80 accel defaultsite=the.official.domain https_port 443 accel defaultsite=the.official.domain cache_peer ip.of.exchange.server parent 80 0 no-query originserver name=exchange-http cache_peer ip.of.exchange.server parent 443 0 no-query originserver ssl name=exchange-https acl http protocol http cache_peer_access exchange-http allow http acl https protocol https cache_peer_access exchange-https allow https never_direct allow all Alternatively, if you do not use https on the exchange server, but wishes to do so on the accelerator: https_port 443 accel defaultsite=the.official.domain cache_peer ip.of.exchange.server parent 80 0 no-query originserver front-end-https=auto never_direct allow all If you wish to send different domains to different servers then use cache_peer_access to control which server is used for which request. Note: Squid-3 is not yet classified as stable for production use, but you are welcome to try it out regardless. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
