On 09/09/11 02:29, Sidnei Moreira wrote:
hello, i have configured squid to reverse-proxy an internet connection going into my internal exchange server. the squid configuration section is like this one: ############################## # ip 10.0.1.1 - squid server # ip 10.0.1.2 - ms-exchange server https_port 10.0.1.1:443 cert=/etc/squid3/geotrust_cert.pem defaultsite=mail.my-domain.com
All requests entering through this port are re-written with the domain name "mail.my-domain.com".
Update your EXCH ACL to permit "mail.my-domain.com" and ensure that the exchange server believes its public domain name is "mail.my-domain.com".
cache_peer 10.0.1.2 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid3/selfsigned.pem name=exchangeServer acl EXCH dstdomain .rpc_domain_name cache_peer_access exchangeServer allow EXCH cache_peer_access exchangeServer deny all never_direct allow EXCH http_access allow EXCH http_access deny all miss_access allow EXCH miss_access deny all ############################## but, when i try to connect from the internet i receive a denying page, and the cache log says: TCP_DENIED/403 3861 GET https://mail.my-domain.com/owa - NONE/- text/html
That looks like an OWA request. They require some different peer configuration than RPC. http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess IIRC it had something to do with OWA doing client certificate verification. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.11