Search squid archive

Re: Squid Reverse Proxy to Exchange 2010 OWA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have to admit this was built from a lot of googling for a working config.


On 11 March 2015 at 19:09, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 11/03/2015 7:16 p.m., Alex Samad wrote:
[snip]
>> # List of acceptable URLs to send to the Exchange server
>> acl exch_url url_regex -i <o>/exchange
>> acl exch_url url_regex -i <o>/exchweb
>> acl exch_url url_regex -i <o>/public
>> acl exch_url url_regex -i <o>/owa
>> acl exch_url url_regex -i <o>/ecp
>> acl exch_url url_regex -i <o>/microsoft-server-activesync
>> acl exch_url url_regex -i <o>/rpc
>> acl exch_url url_regex -i <o>/rpcwithcert
>> acl exch_url url_regex -i <o>/exadmin
>> acl exch_url url_regex -i <o>/oab
>
> I suggest you replace the above with ACLs:
>
>  acl exch_domain dstdomain <o>
>  acl exch_path urlpath_regex -i /exch(ange|web)
>  acl exch_path urlpath_regex -i /public
>  acl exch_path urlpath_regex -i /owa
>  ...
I presume you ... means the other paths

and this is for speed ?

>
[snip]

>> # Logging Configuration
>> redirect_rewrites_host_header off
>
> Thats begging for abuse of the security hole it opens. If you can
> operate without that setting please do so.
I believe (and its been a while, that it was need for exchange), I can
find some time and retest.

> NOTE: its not optional. You have disabled most of the HTTP features
> which use the Squid hostname, but not all of them can be.
>  For example "via off" contradicts this comment, by NOT adding Squid to
> the relay path (Via header).
>
>
>> visible_hostname <o>
>> deny_info TCP_RESET all
>>
>> # ACL - required to allow
>> #acl all src ALL
>>
>> # Allow everyone through, internal and external connections
>> http_access allow all
>> miss_access allow all
>>
>> icp_port 0
>> snmp_port 0
>>
>> via off
so you would suggest
visibile <o>
and no via off ?

>>
>
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux