
Re: reverse proxy shows error 403 denied


 



On 09/09/11 02:29, Sidnei Moreira wrote:
> Hello,
>
> I have configured squid to reverse-proxy an internet connection going
> into my internal exchange server.
> The squid configuration section is like this one:
>
> ##############################
> # ip 10.0.1.1 - squid server
> # ip 10.0.1.2 - ms-exchange server
> https_port 10.0.1.1:443 cert=/etc/squid3/geotrust_cert.pem defaultsite=mail.my-domain.com

All requests entering through this port are re-written with the domain name "mail.my-domain.com".

Update your EXCH ACL to permit "mail.my-domain.com" and ensure that the exchange server believes its public domain name is "mail.my-domain.com".

> cache_peer 10.0.1.2 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid3/selfsigned.pem name=exchangeServer
>
> acl EXCH dstdomain .rpc_domain_name
> cache_peer_access exchangeServer allow EXCH
> cache_peer_access exchangeServer deny all
>
> never_direct allow EXCH
> http_access allow EXCH
> http_access deny all
> miss_access allow EXCH
> miss_access deny all
> ##############################
>
> But when I try to connect from the internet I receive a denying page,
> and the cache log says:
> TCP_DENIED/403 3861 GET https://mail.my-domain.com/owa - NONE/- text/html


That looks like an OWA request.

They require some different peer configuration than RPC.
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess

IIRC it had something to do with OWA doing client certificate verification.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.11
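
Added example, not part of the original thread and not Squid's own code: a simplified Python model of Squid's `dstdomain` matching and first-match `http_access` evaluation, run over the posted configuration (reduced to the relevant lines) to show why the `defaultsite` name is denied and how permitting it in `EXCH` changes the verdict. The function names are hypothetical, and only `dstdomain` ACLs and the built-in `all` are modelled.

```python
# Simplified model (assumption): only "acl NAME dstdomain", "http_access" and
# "https_port ... defaultsite=" lines are interpreted; everything else is ignored.

def dstdomain_match(pattern, host):
    """'.example.com' matches the domain and its subdomains; 'example.com'
    matches that exact name only. Comparison is case-insensitive."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def parse(conf):
    acls, rules, sites = {}, [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
        elif tok[0] == "https_port":
            sites += [t.split("=", 1)[1] for t in tok if t.startswith("defaultsite=")]
    return acls, rules, sites

def verdict(acls, rules, host):
    """First http_access line whose ACLs all match decides the request."""
    def hit(name):  # an undefined ACL name is treated here as "no match"
        return name == "all" or any(dstdomain_match(p, host) for p in acls.get(name, []))
    for action, names in rules:
        if all(hit(n) for n in names):
            return action
    # No line matched: opposite of the last line; deny when there are no lines.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def check(conf):
    """Map each defaultsite name to the http_access verdict it would receive."""
    acls, rules, sites = parse(conf)
    return {site: verdict(acls, rules, site) for site in sites}

# Constructed from the configuration posted in the thread, relevant lines only.
POSTED = """
https_port 10.0.1.1:443 cert=/etc/squid3/geotrust_cert.pem defaultsite=mail.my-domain.com
acl EXCH dstdomain .rpc_domain_name
http_access allow EXCH
http_access deny all
"""
# The change suggested in the reply: EXCH permits the defaultsite name.
FIXED = POSTED.replace(".rpc_domain_name", "mail.my-domain.com")

if __name__ == "__main__":
    print("posted:", check(POSTED))
    print("fixed: ", check(FIXED))
```
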

