On 10/02/2012 5:05 a.m., [email protected] wrote:
Hi all,
I have a huge problem with getting Squid working as a reverse proxy for OWA.
I have created a certificate request on my Windows Server 2008, then I have 
created a certificate and converted it to .pfx.

Possible Problem: Squid only accepts SSL keys and certificates in PEM format.


  This one I could get into IIS and enable it to my DefaultWebsite in IIS and 
OWA. So far so good....

Then I have recompiled squid with the --enable-ssl flag on my Debian Server.

This is what my squid.conf looks like now:

.1.199 = Debian Squid
.1.249 = Exchange Server


visible_hostname my.dyndns.org
https_port 192.168.1.199:443 cert=/usr/local/src/sslowa/my.dyndns.org.pem key=/usr/local/src/sslowa/my.dyndns.org.key defaultsite=192.168.1.249

Problem: The "accel" mode flag is missing.
     https_port 192.168.1.199:443 accel cert=...


#cache_peer 192.168.1.249 parent 80 0 no-query originserver login=PASS front-end-https=on name=owaServer
cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS front-end-https=on name=owaServer
#cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS ssl sslcert=/usr/local/src/sslowa/my.dyndns.org.key name=owaServer


acl OWA dstdomain my.dyndns.org
cache_peer_access owaServer allow OWA
never_direct allow OWA

# lock down access to only query the OWA server!
http_access allow OWA
http_access deny all
miss_access allow OWA
miss_access deny all

Possible Problem: this is all above any other http_access config in squid.conf right?




I have tried all of the cache-peer things up there, and I have also tried to 
disable https:// in IIS for OWA. So far no luck there. I always get a 403 
Access Denied Error when I'm trying to get this site.

Of course I have also tried to put defaultsite to 
defaultsite=192.168.1.249/owa, because OWA is listening on /owa.

Making the domain name contain invalid "/" characters will not help.

You must not alter the URL path when reverse proxying things to Exchange for RPC or OWA. Also the domain used by the client should be sent through untouched if at all possible. The http_port vhost option is used to ensure that happens.

Amos
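
The checks named in the reply above, written as a small lint over https_port lines. This is an added example, not part of the original thread or of Squid itself; the read_file callback, the sample file contents and the defaultsite=my.dyndns.org value on the second sample line are assumptions made for illustration.

```python
# Added example: lint squid.conf https_port lines for the problems named in the reply.
PEM_MARKER = b"-----BEGIN "  # every PEM block starts with this armor header


def lint_https_port(conf_text, read_file=None):
    """Return (line_no, finding) tuples for each https_port line.

    read_file is a hypothetical callback (path -> bytes). When given, the
    cert= and key= files are also checked for PEM armor; otherwise skipped.
    Wrapped lines must be joined first: squid.conf has no line continuation.
    """
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "https_port":
            continue
        flags = {t for t in tokens[2:] if "=" not in t}
        opts = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        if "accel" not in flags:
            findings.append((line_no, "missing accel flag"))
        if "vhost" not in flags:
            findings.append((line_no, "missing vhost flag"))
        if "/" in opts.get("defaultsite", ""):
            findings.append((line_no, "defaultsite contains '/'"))
        for name in ("cert", "key"):
            path = opts.get(name)
            if path and read_file and PEM_MARKER not in read_file(path):
                findings.append((line_no, f"{name} file is not PEM"))
    return findings


CERT = "/usr/local/src/sslowa/my.dyndns.org.pem"
KEY = "/usr/local/src/sslowa/my.dyndns.org.key"
# Constructed sample: line 2 is the posted https_port line with the /owa
# variant the poster tried; line 3 adds accel and vhost (hostname assumed).
SAMPLE_CONF = (
    "# constructed sample, wrapped lines joined\n"
    f"https_port 192.168.1.199:443 cert={CERT} key={KEY} defaultsite=192.168.1.249/owa\n"
    f"https_port 192.168.1.199:443 accel vhost cert={CERT} key={KEY} defaultsite=my.dyndns.org\n"
)
# Constructed file contents: a binary (PFX/DER-style) blob saved under a
# .pem name, and a PEM-armored key placeholder.
SAMPLE_FILES = {
    CERT: b"\x30\x82\x09\x00\x02\x01\x03",
    KEY: b"-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for line_no, finding in lint_https_port(SAMPLE_CONF, SAMPLE_FILES.__getitem__):
        print(f"line {line_no}: {finding}")
```

The file extension says nothing about the encoding, which is why the check reads the file contents instead of trusting the .pem name.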