On Thu, 2012-02-09 at 17:05 +0100, Sauron99@xxxxxx wrote:
> Hi all,
> I have a huge problem with getting Squid working as a reverse proxy for OWA.
> I have created a certificate request on my Windows Server 2008, then I
> have created a certificate and converted it to .pfx. This one I could
> get into IIS and enable it to my DefaultWebsite in IIS and OWA. So far
> so good....

What site name have you configured in OWA?

Recommended setup is to use a hostname, and to first verify that the OWA
server responds properly to this hostname and then introduce the reverse
proxy in between, changing the hostname to point to the reverse proxy
instead of OWA. Accessing directly by IP is NOT RECOMMENDED.

I also recommend using https both client<->squid and squid<->owa for
simplicity.

> visible_hostname my.dyndns.org
> https_port 192.168.1.199:443 cert=/usr/local/src/sslowa/my.dyndns.org.pem key=/usr/local/src/sslowa/my.dyndns.org.key defaultsite=192.168.1.249

defaultsite SHOULD NOT be the internal IP of OWA. It should be the same
as the hostname you use in the https:// URL. If unsure then use vhost
instead and forget about defaultsite.

Based on your acls below I would guess your OWA server name is
my.dyndns.org?

> #cache_peer 192.168.1.249 parent 80 0 no-query originserver login=PASS front-end-https=on name=owaServer
> cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS front-end-https=on name=owaServer

front-end-https is only for when you use https client<->squid but http
squid<->owa.

Port 443 is https so you need the ssl flag there.

> #cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS ssl sslcert=/usr/local/src/sslowa/my.dyndns.org.key name=owaServer

No need to specify an SSL client certificate for using in the connection
to OWA.

cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS ssl name=owaServer

> acl OWA dstdomain my.dyndns.org
> cache_peer_access owaServer allow OWA
> never_direct allow OWA

This is fine, assuming your OWA name is my.dyndns.org, and you correct
the https_port and cache_peer parts above.

> # lock down access to only query the OWA server!
> http_access allow OWA
> http_access deny all
> miss_access allow OWA
> miss_access deny all

You don't need miss_access.

Regards
Henrik
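
The corrections in the reply above, turned into a small squid.conf check. This is an added example, not part of the original thread or of Squid; the function name, messages and both sample files are assumptions built from the lines quoted in the message, with my.dyndns.org taken as the OWA hostname.

```python
import ipaddress

TLS_FLAGS = {"ssl", "tls"}  # newer Squid releases spell the cache_peer flag "tls"

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_reverse_proxy(conf_text):
    """Return (line_no, message) pairs for the mistakes pointed out in the reply."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # ignore comments and disabled lines
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        opts = dict(a.split("=", 1) if "=" in a else (a, None) for a in args)
        if directive == "https_port" and _is_ip(opts.get("defaultsite") or ""):
            findings.append((no, "defaultsite is an IP; use the public hostname or vhost"))
        elif directive == "cache_peer" and "originserver" in opts and len(args) >= 3:
            tls = bool(TLS_FLAGS & opts.keys())
            if args[2] == "443" and not tls:
                findings.append((no, "peer on port 443 lacks the ssl flag"))
            if "front-end-https" in opts and (tls or args[2] == "443"):
                findings.append((no, "front-end-https is only for plain-http peers"))
        elif directive == "miss_access":
            findings.append((no, "miss_access is not needed here"))
    return findings

# Constructed samples: the active lines quoted in the thread, then the same
# file with the reply's corrections applied (hostname assumed to be my.dyndns.org).
ORIGINAL = """\
https_port 192.168.1.199:443 cert=/usr/local/src/sslowa/my.dyndns.org.pem key=/usr/local/src/sslowa/my.dyndns.org.key defaultsite=192.168.1.249
cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS front-end-https=on name=owaServer
acl OWA dstdomain my.dyndns.org
http_access allow OWA
http_access deny all
miss_access allow OWA
"""
CORRECTED = """\
https_port 192.168.1.199:443 cert=/usr/local/src/sslowa/my.dyndns.org.pem key=/usr/local/src/sslowa/my.dyndns.org.key defaultsite=my.dyndns.org
cache_peer 192.168.1.249 parent 443 0 no-query originserver login=PASS ssl name=owaServer
acl OWA dstdomain my.dyndns.org
http_access allow OWA
http_access deny all
"""

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, lint_reverse_proxy(text))
```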