I am trying to setup Squid as a reverse proxy for my Exchange server. I have copied the SSL certificate from the exchange server and installed it on the Squid server. I can start Squid without any errors using /usr/sbin/squid -N -d 1 -D However when I try and access Exchange using OWA I get get directed to a Squid error page telling me Access Denied. Access control configuration prevents your request from being allowed at this time. If I look in the access log all I see is 1296024671.805 0 25.36.2.52 TCP_DENIED/403 3937 GET https://mail.myco.com/owa - NONE/- text/html IP 25.36.2.52 is the computer i am using for testing Is this a problem connecting to the Squid server or to the Exchange server? I am running Squid 3.1.10-31.2 on a 64 bit OpenSUSE 11.3 server. I only have one domain for mail.myco.com so I have set it up so that on the test computer so that mail.myco.com returns the IP of the Squid server and on the Squid server I have added a line to the hosts file for mail.myco.com to return the ip of the Exchange server. Below is the squid.conf file. I would appreciate any suggestions. acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src 25.0.0.0/8 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports https_port 25.36.2.33:443 cert=/etc/ssl/certs/mail.myco.com.pem key=/etc/ssl/server.key defaultsite=mail.myco.com cache_peer 25.36.2.32 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/ssl/certs/mail.myco.com.pem sslkey=/etc/ssl/server.key name=owaServer acl OWA src 25.36.2.33/0 cache_peer_access owaServer allow OWA never_direct allow OWA http_access allow OWA http_access deny all acl mysite dstdomain mail.myco.com http_access allow mysite http_access allow localnet http_access allow localhost http_access allow localhost http_access deny all # Squid normally listens to port 3128 http_port 3128 # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? cache_dir ufs /var/cache/squid 100 16 256 coredump_dir /var/cache/squid refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
