Configuration is stable now. Tested with several Active Sync mobile clients and Desktop Outlook 2010. The only part not yet tested is Kerberos and NTLM based authentication where parameter connection-auth might be relevant. It's almost the same as given in http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess with added connection-auth parameter and ssl options as I'm using a wildcard certificate. To disable cache function proxy-only, no-query and no-digest are added. # Reverse Proxy for Active Sync, Outlook Webaccess, Outlook Anywhere (RPC over HTTPS) # as frontend for Exchange 2010 # squid.conf for squid 3.1.18 # http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess # Debugging: #debug_options ALL,3 logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh access_log /var/log/squidext/access.log combined cache_log /var/log/squidext/cache.log cache_effective_user squidext cache_effective_group squidext pid_filename /var/run/squidext.pid httpd_suppress_version_string on cache_mgr nomail_address_given visible_hostname webmail.domain.com via off forwarded_for transparent ignore_expect_100 on ssl_unclean_shutdown on # Internet connectors https_port 172.17.201.25:443 accel \ cert=/etc/ssl/certs/domain.com.pem key=/etc/ssl/private/domain.com.pem \ defaultsite=webmail.domain.com # destination server (Exchange) cache_peer 192.168.100.24 parent 443 0 \ ssl ssldomain=*.domain.com sslcafile=/etc/ssl/certs/equifax_CA.pem \ proxy-only no-query no-digest front-end-https=on originserver \ login=PASS connection-auth=on name=exchange forceddomain=webmail.domain.com acl srcall src all acl EXCH dstdomain webmail.domain.com never_direct allow EXCH http_access allow EXCH http_access deny srcall cache_peer_access exchange allow EXCH cache_peer_access exchange deny srcall # eof
