[EMAIL PROTECTED] root]# squid -v
Squid Cache: Version 2.5.STABLE6
configure options: i586-mandrake-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --sysconfdir=/etc/squid --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/lib/squid --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs,null --enable-useragent-log --enable-referer-log --enable-cachemgr-hostname=localhost --enable-truncate --enable-underscores --enable-carp --enable-async-io --enable-htcp --enable-delay-pools --enable-linux-netfilter --enable-ssl --enable-arp-acl --enable-auth=basic,digest,ntlm --enable-basic-auth-helpers=winbind,multi-domain-NTLM,getpwnam,YP,SMB,PAM,NCSA,MSNT,LDAP --enable-ntlm-auth-helpers=SMB,fakeauth,no_check,winbind --enable-digest-auth-helpers=password --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group --enable-follow-x-forwarded-for --with-pthreads --with-winbind-auth-challenge --disable-dependency-tracking --disable-ident-lookups
-----Original Message-----
From: Ratti Michele [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 22, 2004 7:50 PM
To: [email protected]
Cc: Elsen Marc; Henrik Nordstrom
Subject: [squid-users] SQUID + REVERSE PROXY + OWA
Importance: High
Sensitivity: Confidential

I have:
1) Linux Mandrake v10.1
2) Linux Mandrake SQUID RPM v2.5-STABLE6
3) OutlookWebAccess on Windows Server 2003

Here you have my configuration files. I'd like to use Squid as a reverse proxy in this way:

WEB -> SSL SQUID PROXY -> OWA (HTTP) (exchange)

Is my configuration OK!? Can you help me?

Regards.
--------------------------
Michele Ratti

1) squid.conf

# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
# The socket address where Squid will listen for HTTPS client
# requests.
#
# This is really only useful for situations where you are running
# squid in accelerator mode and you want to do the SSL work at the
# accelerator level.
#
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
#
# Options:
#
#   cert=     Path to SSL certificate (PEM format)
#
#   key=      Path to SSL private key file (PEM format)
#             if not specified, the certificate file is
#             assumed to be a combined certificate and
#             key file
#
#   version=  The version of SSL/TLS supported
#               1 automatic (default)
#               2 SSLv2 only
#               3 SSLv3 only
#               4 TLSv1 only
#
#   cipher=   Colon separated list of supported ciphers
#
#   options=  Various SSL engine options. The most important
#             being:
#               NO_SSLv2 Disallow the use of SSLv2
#               NO_SSLv3 Disallow the use of SSLv3
#               NO_TLSv1 Disallow the use of TLSv1
#             See src/ssl_support.c or OpenSSL documentation
#             for a more complete list.
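#
#Default:
# none

# --- Reverse-proxy (accelerator) settings posted for review ---------------
# Purpose: terminate HTTPS on port 443 and forward requests to the OWA
# server at 89.0.4.128:80, passing every request through squidGuard.
#
# NOTE(review): no version= or options= is given on https_port, so the
# documented default (version=1, automatic) applies and SSLv2 is not
# excluded. Consider adding options=NO_SSLv2, which the TAG text for
# https_port documents.
# NOTE(review): /etc/squid/key.key is the TLS private key; restrict its file
# permissions to the account that has to read it.
https_port 443 cert=/etc/squid/key.crt key=/etc/squid/key.key

# NOTE(review): the origin leg to 89.0.4.128:80 is plain HTTP, as the poster
# intends ("SSL SQUID PROXY -> OWA (HTTP)"), so OWA credentials and mail are
# unencrypted between Squid and Exchange. Keep that network segment trusted.
httpd_accel_host 89.0.4.128
httpd_accel_port 80
#httpd_accel_single_host off

# NOTE(review): httpd_accel_with_proxy on keeps forward-proxy service enabled
# alongside acceleration. The http_access rules are not shown ("the rest is
# default"); confirm that clients reaching the Internet-facing 443 listener
# cannot use this host as an open forward proxy.
httpd_accel_with_proxy on

# Presumably keeps the origin fixed to httpd_accel_host instead of the
# client-supplied Host header - confirm against the Squid 2.5 documentation.
httpd_accel_uses_host_header off

# NOTE(review): squidGuard is applied to every request Squid handles,
# including the accelerated OWA traffic. Clients that match no src class are
# evaluated by the "default" acl in squidGuard.conf.
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
visible_hostname OwaMailMan

[THE REST IS DEFAULT]

2) squidGuard.conf

#----------------------------------------------------------------
# SquidGuard CONFIGURATION FILE
#----------------------------------------------------------------

# CONFIGURATION DIRECTORIES
dbhome /usr/share/squidGuard-1.2.0/db
logdir /var/log/squidGuard

# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
# NOTE(review): workhours is defined here but no src or acl entry in this
# file refers to it, so it has no effect as posted.
time workhours {
    weekly s 09:30-12:00 13:00-19:00
    weekly m 09:00-12:00 13:00-19:00
    weekly t 09:00-11:00 12:00-19:00
    weekly w 09:00-12:00 12:00-18:00
    weekly h 09:00-13:00 13:00-18:00
    weekly f 09:00-12:00 13:30-18:00
    weekly a 08:20-13:00 13:30-19:00
}

# SOURCE ADDRESSES:
src privilegedsource {
    iplist privilegedsource/ips
}

src bannedsource {
    iplist bannedsource/ips
}

src lansource {
    iplist lansource/lan
}

# DESTINATION CLASSES:
dest porn {
    domainlist porn/domains
    urllist porn/urls
    expressionlist porn/expressions
}

dest adult {
    domainlist adult/domains
    urllist adult/urls
    expressionlist adult/expressions
}

dest audio-video {
    domainlist audio-video/domains
    urllist audio-video/urls
}

dest forums {
    domainlist forums/domains
    urllist forums/urls
    expressionlist forums/expressions
}

dest hacking {
    domainlist hacking/domains
    urllist hacking/urls
}

dest redirector {
    domainlist redirector/domains
    urllist redirector/urls
    expressionlist redirector/expressions
}

dest warez {
    domainlist warez/domains
    urllist warez/urls
}

dest ads {
    domainlist ads/domains
    urllist ads/urls
}

dest aggressive {
    domainlist aggressive/domains
    urllist aggressive/urls
}

dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}

dest gambling {
    domainlist gambling/domains
    urllist gambling/urls
}

dest publicite {
    domainlist publicite/domains
    urllist publicite/urls
    expressionlist publicite/expressions
}

dest violence {
    domainlist violence/domains
    urllist violence/urls
    expressionlist violence/expressions
}

dest banneddestination {
    domainlist banneddestination/domains
    urllist banneddestination/urls
    expressionlist banneddestination/expressions
}

dest advertising {
    domainlist advertising/domains
    urllist advertising/urls
    redirect http://127.0.0.1/cgi-bin/nulbanner.png
    log /var/log/squidGuard/advertising.log
}

dest exploit {
    expressionlist exploit/expressions
}

# ACLs
# The redirect URLs below were split by mail line-wrapping in the posted copy
# ("target class", "tar getclass"); the parameter is restored to targetclass
# so each redirect is a single token.
# NOTE(review): "porn" is defined above but "!porn" appears in no pass list,
# and "!exploit" is applied only in the default acl - confirm both are
# intended.
acl {
    privilegedsource {
        pass !advertising all
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
    }

    # NOTE(review): with this entry commented out, no "pass none" rule is
    # enforced for the bannedsource class defined above.
    # bannedsource {
    #     pass none
    #     redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
    #
    # }

    lansource {
        pass !adult !audio-video !forums !hacking !redirector !warez !ads !aggressive !drugs !gambling !publicite !violence !banneddestination !advertising all
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
    }

    # NOTE(review): this redirect uses port 81 while the others use the
    # default port - confirm the block page is served on both.
    default {
        pass !exploit all
        redirect http://127.0.0.1:81/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
    }
}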
