Hi, I've installed a Squid reverse proxy for a MS-Exchange Test-Installation to reach OWA from the outside. My current environment is as follows: Squid Version 3.4.8 with ssl on a Debian Jessie (self compiled) The Squid and the exchange system are in the internal network with private ip-addresses (same network segment) The access to the squid system is realized by port forwarding (tcp/80, tcp/443, tcp/22) from a public ip-address Used certificate is from letsencrypt (san-certificate, used by both servers) Current Status: Pre-Login works Outlook-Access to OWA works (other protocolls not tested yet) https://portal.xxx.de doesn't work (Forwarding denied) (which is quite normal because there is no acl for it) Ho can I reach that: 1) Access to https://portal.xxx.de ends up on a kind of "landing-page" with instructions how to use the exchange test-installation (web server can be the iis oh the exchange system, apache on the squid system or a third system) 2) Is there a way to integrate the initial password dialog in that web page? Kind regards Bob Squid configuration: # Hostname visible_hostname portal.xxx.de # Externer Zugriff https_port 192.168.xxx.21:443 accel cert=/root/letsencrypt/certs/xxx.de/cert.pem key=/root/letsencrypt/certs/xxx.de/privkey.pem cafile=/root/letsencrypt/certs/xxx.de/fullchain.pem defaultsite=portal.xxx.de # Interner Server cache_peer 192.168.xxx.20 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/root/letsencrypt/certs/xxx.de/cert.pem sslkey=/root/letsencrypt/certs/xxx.de/privkey.pem name=ExchangeServer # Zugriff auf folgende Adressen ist erlaubt acl EXCH url_regex -i ^https://portal.xxx.de$ acl EXCH url_regex -i ^https://portal.xxx.de/owa.*$ acl EXCH url_regex -i ^https://portal.xxx.de/Microsoft-Server-ActiveSync.*$ acl EXCH url_regex -i ^https://portal.xxx.de/ews.*$ acl EXCH url_regex -i ^https://portal.xxx.de/autodiscover.*$ acl EXCH url_regex -i ^https://portal.xxx.de/rpc/.*$ # Auth auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive on # Regeln acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users cache_peer_access ExchangeServer allow EXCH never_direct allow EXCH http_access allow EXCH http_access deny all miss_access allow EXCH miss_access deny all # Logging access_log /var/log/squid3/access.log squid debug_options ALL,9 cache_mgr mailto:xxx@xxxxxx _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
