Odhiambo Washington wrote:
Hello gurus, I have been trying the whole day to get Squid to work as a reverse proxy/accelerator for OWA and RPC-over-https with no sucess. I believe I've come to my /etc on this! I have read the Wiki entries and this thread: http://www.nabble.com/Forwarding-Denied-when-using-dst-cache_peer-in-acl-td15123146.html
Not that the article references two Squid wiki articles. All the configs doing OWA using "dst" ACL were relevant only up to 2.5 and fatally flawed with a required but unstated DNS hack.
The wiki presently has updated configs which work with all current Squid.
However, I seem to still miss a critical point. My Squid (2.7RC) is first and foremost being used as a LAN proxy. This in itself has posed a challenge to me in terms of specifying who is allowed to use it as a proxy. I have an M$ Exchange server which is is self-contained, with self-signed certificate. Can I configure Squid as a proxy for the LAN as well as an accelerator for several backend website(s)? I've found this challenging in terms of ordering the ACLs.
Yes. With some access control tweaking two 'components' can be kept seperate. see below.
I can see from the above thread that Wouter de Jong-2 actually/finally managed to configure Squid to accelerate OWA as well as do the RPC-over-HTTP(s) but he does not mention is the squid instance is also being used as a proxy. Does someone have a sample config for squid being used as LAN proxy and accelerator, especially for M$ Exchange OWA and RPCoHTTPS?
Should be no need. All the current squid releases support multiple http_port entries. That is the first important part.
Near the top of your config above your ALL of yoru regular proxy port and _access controls. Setup the OWA/RPC acceleration as listed in the wiki. Omitting the controls which do blanket 'deny all'.
http://wiki.squid-cache.org/ConfigExamples/SquidAndOutlookWebAccess http://wiki.squid-cache.org/ConfigExamples/SquidAndRPCOverHttp Then following that setup your main proxy port and controls. Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
