I have to admit this was built from a lot of googling for a working config. On 11 March 2015 at 19:09, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 11/03/2015 7:16 p.m., Alex Samad wrote: [snip] >> # List of acceptable URLs to send to the Exchange server >> acl exch_url url_regex -i <o>/exchange >> acl exch_url url_regex -i <o>/exchweb >> acl exch_url url_regex -i <o>/public >> acl exch_url url_regex -i <o>/owa >> acl exch_url url_regex -i <o>/ecp >> acl exch_url url_regex -i <o>/microsoft-server-activesync >> acl exch_url url_regex -i <o>/rpc >> acl exch_url url_regex -i <o>/rpcwithcert >> acl exch_url url_regex -i <o>/exadmin >> acl exch_url url_regex -i <o>/oab > > I suggest you replace the above with ACLs: > > acl exch_domain dstdomain <o> > acl exch_path urlpath_regex -i /exch(ange|web) > acl exch_path urlpath_regex -i /public > acl exch_path urlpath_regex -i /owa > ... I presume you ... means the other paths and this is for speed ? > [snip] >> # Logging Configuration >> redirect_rewrites_host_header off > > Thats begging for abuse of the security hole it opens. If you can > operate without that setting please do so. I believe (and its been a while, that it was need for exchange), I can find some time and retest. > NOTE: its not optional. You have disabled most of the HTTP features > which use the Squid hostname, but not all of them can be. > For example "via off" contradicts this comment, by NOT adding Squid to > the relay path (Via header). > > >> visible_hostname <o> >> deny_info TCP_RESET all >> >> # ACL - required to allow >> #acl all src ALL >> >> # Allow everyone through, internal and external connections >> http_access allow all >> miss_access allow all >> >> icp_port 0 >> snmp_port 0 >> >> via off so you would suggest visibile <o> and no via off ? >> > > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
