On Sun, Jun 1, 2008 at 1:38 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Odhiambo Washington wrote: >> >> Hello gurus, >> >> I have been trying the whole day to get Squid to work as a reverse >> proxy/accelerator for OWA and RPC-over-https with no sucess. I believe >> I've come to my /etc on this! >> I have read the Wiki entries and this thread: >> >> http://www.nabble.com/Forwarding-Denied-when-using-dst-cache_peer-in-acl-td15123146.html >> > > Not that the article references two Squid wiki articles. All the configs > doing OWA using "dst" ACL were relevant only up to 2.5 and fatally flawed > with a required but unstated DNS hack. > The wiki presently has updated configs which work with all current Squid. Thank you for informing me about that. All my thinking was that those wiki entries are still relevant. I actually wasn't looking at the above thread per se, but only for the comments and the challenges the poster faced, but within it there are references to the wiki entries, which is what I was following keenly. >> However, I seem to still miss a critical point. >> My Squid (2.7RC) is first and foremost being used as a LAN proxy. This >> in itself has posed a challenge to me in terms of specifying who is >> allowed to use it as a proxy. >> I have an M$ Exchange server which is is self-contained, with >> self-signed certificate. >> Can I configure Squid as a proxy for the LAN as well as an accelerator >> for several backend website(s)? I've found this challenging in terms >> of ordering the ACLs. > > Yes. With some access control tweaking two 'components' can be kept > seperate. see below. That's nice for the ears! >> >> I can see from the above thread that Wouter de Jong-2 actually/finally >> managed to configure Squid to accelerate OWA as well as do the >> RPC-over-HTTP(s) but he does not mention is th squid instance is also >> being used as a proxy. >> Does someone have a sample config for squid being used as LAN proxy >> and accelerator, especially for M$ Exchange OWA and RPCoHTTPS? > > Should be no need. All the current squid releases support multiple http_port > entries. That is the first important part. > > Near the top of your config above your ALL of your regular proxy port and > _access controls. Setup the OWA/RPC acceleration as listed in the wiki. > Omitting the controls which do blanket 'deny all'. Noted, and thank you for that valuable information. Not heading to the wiki again. But I have two last hurdles: 1. My Exchange OWA is accessible as either https://192.168.0.26/exchange or https://mxech.msexch.ourdomain.tld/exchange 2. (a bit OT) The use of a non-commercial certificate on the Exchange server Q1. How do I tell Squid to access the /exchange bit in the url? Q2. Do I have to export the cerificate from the Exchange server to be used with Squid in the accel configuration? Anyone has an idea how I can surmount these two Being so much used to doing everything with Open Source apps, this Microsohit Exchange thing is the biggest challenge I've ever faced in my SysAdmin life! I must take some leave as soon as I get this OWA/PRCoHTTPS thing running. I therefore highly appreciate any help I can get towards this goal. > http://wiki.squid-cache.org/ConfigExamples/SquidAndOutlookWebAccess > http://wiki.squid-cache.org/ConfigExamples/SquidAndRPCOverHttp > > Then following that setup your main proxy port and controls. Do I require both entries for OWA and RPCoHTTPS or is there a way to kind of amalgamate the configurations? My OWA and RPCoHTTPS destination is one and the same. Thank you Amos! Let me see how far I can get with this on my own before I come back with further questions. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Oh My God! They killed init! You Bastards!" --from a /. post