Re: [squid-users] Re: help with config file for OWA 2003 reverse proxy setup

From: Henrik Nordstrom <[email protected]>
Date: Thu, 17 Mar 2005 17:15:57 +0100 (CET)

On Thu, 17 Mar 2005, Martin Burke wrote:

> Is the connection now ssl on both sides (from the client to the
> reverse proxy and then from the reverse proxy to the webserver)?

This is supported by Squid-3, or by Squid-2.5 + ssl update patch. But
unless you want to for security reasons there really is no reason to.

For OWA Squid-3 is needed for the originserver cache_peer option. I see
from your configuratoin that you use squid-3 so this shuld not be any
problem.

>> My config file is as follows:
>>
>> visible_hostname testmail.ncmec.org
>> https_port 443 defaultsite=testmail.ncmec.org
>> cert=/etc/squid/webmail.crt key=/etc/squid/webmail.key
>>
>> cache_peer 172.25.4.51 parent 80 0 no-query originserver front-end-https=auto
>
> The other suggestions I've seen for a config file for this arrangement are:
>
> proxy-only
> login=PASS

You need the login thing. If not users won't be able to log in..

> never_direct allow all

Not strictly needed, but good anyway.

> header_access Accept-Encoding deny all

Works around many broken servers..

> I've added them one by one, and since putting in login=PASS, I get
> past the login prompt but am back to the old situation of seeing two
> frames with no data.

What URLs do the frameset HTML source use for the frames? http:// or
https://?

Regards
Henrik
Received on Thu Mar 17 2005 - 09:15:59 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST