On Thursday 19 June 2003 16.14, Jason Moreton wrote:
> I have an accelerator box on a DMZ which I wish to forward all http
> and https requests to an internal Exchange box.  Do I need to
> define the following in my conf file obviously appended to suit my
> network?
>
> acl INSIDE_IP dst 1.2.3.0/24
> always_direct allow INSIDE_IP
> never_direct allow all
>
> Sorry if this is the second posting having afew issues with
> Hotmail.

The accelerator box should be used as accelerator only.

To forward https requests to Exchange you need to use Squid-3. This 
functionality is not supported in Squid-2.5 accelerator mode. It may 
be possible with the SSL update to Squid-2.5 but to do this proper 
other accelerator related features of Squid-3 is also needed.


A small Squid-3 accelerator configuration example:

   http_port 80 accel defaultsite=the.official.domain
   https_port 443 accel defaultsite=the.official.domain

   cache_peer ip.of.exchange.server parent 80 0 no-query originserver 
name=exchange-http
   cache_peer ip.of.exchange.server parent 443 0 no-query originserver 
ssl name=exchange-https

   acl http protocol http
   cache_peer_access exchange-http allow http

   acl https protocol https
   cache_peer_access exchange-https allow https

   never_direct allow all


Alternatively, if you do not use https on the exchange server, but 
wishes to do so on the accelerator:

   https_port 443 accel defaultsite=the.official.domain
   
   cache_peer ip.of.exchange.server parent 80 0 no-query originserver 
front-end-https=auto

   never_direct allow all


If you wish to send different domains to different servers then use 
cache_peer_access to control which server is used for which request.


Note: Squid-3 is not yet classified as stable for production use, but 
you are welcome to try it out regardless.

Regards
Henrik


-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Reply via email to