
Re: OWA Reverse Proxy Problems


 



On 10/02/2012 5:05 a.m., Sauron99@xxxxxx wrote:
Hi all,
I have a huge problem with getting Squid working as a reverse proxy for OWA.
I have created a certificate request on my Windows Server 2008, then I have created a certificate and converted it to .pfx.

Possible Problem: Squid only accepts SSL keys and certificates in PEM format.


  This one I could get into IIS and enable it to my DefaultWebsite in IIS and OWA. So far so good....

Then I have recompiled squid with the --enable-ssl flag on my Debian Server.

This is what my squid.conf looks like now:

.1.199 = Debian Squid
.1.249 = Exchange Server


visible_hostname my.dyndns.org
https_port 192.168.1.199:443 cert=/usr/local/src/sslowa/my.dyndns.org.pem key=/usr/local/src/sslowa/my.dyndns.org.key defaultsite=192.168.1.249

Problem: The "accel" mode flag is missing.
     https_port 192.168.1.199:443 accel cert=...


#cache_peer 192.168.1.249 parent 80 0 no-query originserver login=PASS front-end-https=on name=owaServer
cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS front-end-https=on name=owaServer
#cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS ssl sslcert=/usr/local/src/sslowa/my.dyndns.org.key name=owaServer


acl OWA dstdomain my.dyndns.org
cache_peer_access owaServer allow OWA
never_direct allow OWA

# lock down access to only query the OWA server!
http_access allow OWA
http_access deny all
miss_access allow OWA
miss_access deny all

Possible Problem: this is all above any other http_access config in squid.conf right?




I have tried all of the cache-peer things up there, and I have also tried to disable https:// in IIS for OWA. So far no luck there. I always get a 403 Access Denied error when I'm trying to get this site.

Of course I have also tried to put defaultsite to defaultsite=192.168.1.249/owa, because OWA is listening on /owa.

Making the domain name contain invalid "/" characters will not help.

You must not alter the URL path when reverse proxying things to Exchange for RPC or OWA. Also the domain used by the client should be sent through untouched if at all possible. The http_port vhost option is used to ensure that happens.

Amos
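
The points raised in this reply can be checked mechanically before reloading Squid. The following is an added example, not part of the original message or of Squid itself: the function name and finding codes are hypothetical, the PKCS#12 check is only a file-extension heuristic, and the second sample config is constructed.

```python
# Added example: lint a squid.conf for the points raised in this reply.
# Function name and finding codes are hypothetical, not part of Squid.

def lint_owa_reverse_proxy(conf_text, owa_acl="OWA"):
    """Return [(line_number, code)] for each problem found."""
    findings = []
    other_rule_line = None   # first http_access line that does not name owa_acl
    owa_rule_seen = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments and blanks
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "https_port":
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            flags = {a for a in args if "=" not in a}
            if "accel" not in flags:            # reverse-proxy mode flag
                findings.append((lineno, "missing-accel"))
            if "vhost" not in flags:            # passes the client's domain through
                findings.append((lineno, "missing-vhost"))
            if "/" in opts.get("defaultsite", ""):   # host name only, no URL path
                findings.append((lineno, "defaultsite-has-path"))
            # Heuristic only: the extension suggests PKCS#12, Squid wants PEM.
            for name in ("cert", "key"):
                if opts.get(name, "").lower().endswith((".pfx", ".p12")):
                    findings.append((lineno, name + "-not-pem"))
        elif directive == "http_access":
            if owa_acl in args:
                # The OWA rules should sit above any other http_access line.
                if not owa_rule_seen and other_rule_line is not None:
                    findings.append((lineno, "http_access-order"))
                owa_rule_seen = True
            elif not owa_rule_seen and other_rule_line is None:
                other_rule_line = lineno
    return findings

# https_port and http_access lines as posted in the thread.
POSTED = """\
https_port 192.168.1.199:443 cert=/usr/local/src/sslowa/my.dyndns.org.pem key=/usr/local/src/sslowa/my.dyndns.org.key defaultsite=192.168.1.249
http_access allow OWA
http_access deny all
"""

# Constructed sample that trips the remaining checks.
CONSTRUCTED = """\
http_access allow localhost
https_port 192.168.1.199:443 accel vhost cert=/etc/squid/owa.pfx key=/etc/squid/owa.key defaultsite=192.168.1.249/owa
http_access allow OWA
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(label, lint_owa_reverse_proxy(conf))
```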

