Hi all,
I'm trying to setup a squid3 to do reverse proxy for OWA running on Exchange 2000 but I can't success: (I have read all posts about OWA + squid but unable to find a clue...)
Here is my setup
---------- ------------- ----------------
- CLIENT - ==> :443 - SQUID3 - ==> :80 - OWA@exch2000 -
---------- ------------- ----------------
When I go to http://webmail.xxx.fr/exchange/ it works, auth + browsing etc ...
When I go to https://webmail.xxx.fr/exchange the auth box comes (I use basic auth on OWA), I put my login and password, then the 2 frames of the OWA web site appear but they are blank. When I go to my log files (exchange) I can't find the problem.
Here is my setup for squid:
______________________________
http_port 3128
ssl_unclean_shutdown on
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 80
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl owa-exchange urlpath_regex \/exchange(\/|$)
acl owa-webid urlpath_regex \/WebID\/
acl owa-host dst 172.21.0.63/255.255.255.255
http_access allow owa-host owa-exchange
http_access allow owa-host owa-webid
http_reply_access allow all-dst
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all ==> !!!! for testing purpose only !!!!
http_access deny all
visible_hostname webmail.xxx.fr
https_port 443 cert=/certificats/server.pem key=/certificats/key.pem cafile=/certificats/ca-cert defaultsite=webmail.xxx.fr
cache_peer webmail.xxx.fr parent 80 0 no-query originserver login=PASS front-end-https=auto proxy-only
Here is a sample of my access.log during an unsuccess attempt
_____________________________
4 172.21.1.4 TCP_MISS/401 333 GET https://webmail.xxx.fr/exchange/ - FIRST_UP_PARENT/webmail.xxx.fr text/html
19 172.21.1.4 TCP_MISS/200 1518 GET https://webmail.xxx.fr/exchange/ - FIRST_UP_PARENT/webmail.xxx.fr text/html
==> When I run squid in console mode (squid -d1 -N), I see that an error occur, but after googling and browsing the squid-archive-list I can't find out why: "ClientNegotiateSSL: Error negotiating SSL connection on FD 16"
I have a second question: I want that squid serves https://www.xxx.fr on a host, and https://www.xxx.fr/exchange/ or https://webmail.xxx.fr or https://webmail.xxx.fr/exchange/ on a second host ==> it is possible to do that with squid? And if yes, how ?
Any help would be greatly appreciated. Thanks a lot.
David LIMA
Professional Services
www.scc.com
�
�
------------------------------------------------------------------------------------------
Ce message contient des informations dont le contenu est susceptible d'�tre confidentiel.
Il est destin� au(x) destinataire(s) indiqu�(s) exclusivement.
A moins que vous ne fassiez partie de la liste des destinataires, ou que vous soyez
habilit� � recevoir le mail � leur place, il vous est interdit de le copier, de l'utiliser
ou de d�voiler son contenu � un tiers.
Si vous avez re�u cet email par erreur, merci de prendre contact avec l'�metteur.
Les opinions exprim�es dans cet e-mail sont celles de l'�metteur et ne refl�tent pas
n�cessairement celles de l'entreprise.
Ce e-mail peut contenir des pi�ces jointes dont certaines pourraient contenir des virus
qui pourraient endommager votre syst�me informatique.
La compagnie a pris toutes dispositions afin de minimiser ce risque et d�cline toute
responsabilit� pour toute perte ou dommage r�sultant directement ou indirectement de
l'utilisation de cet email ou de son contenu.
Il vous appartient d'effectuer vos propres contr�les anti-virus avant d'ouvrir
la ou les pi�ces jointes.
------------------------------------------------------------------------------------------
Received on Mon Nov 15 2004 - 11:36:32 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST