[squid-users] squid reverse proxy infront of exchange 2010

Alex Samad alex at samad.com.au
Wed Dec 2 06:24:18 UTC 2015


recently upgraded to squid-3.5.11-1.el6.x86_64 from the centos 6.7  squid 3.1

I am now having problems with people who use active sync via this
connection . seems like emails with attachments aren't making it
through .

cache_peer parent 443 0 proxy-only no-query no-digest
originserver login=PASS front-end-https=on ssl
sslflags=DONT_VERIFY_PEER sslcert=/etc/httpd/conf.d/office.yx.com.crt
sslkey=/etc/httpd/conf.d/office.yx.com.key name=exchangeServer

cache_peer parent 443 0 proxy-only no-query no-digest
originserver login=PASS ssl sslflags=DONT_VERIFY_PEER
sslkey=/etc/httpd/conf.d/office.yx.com.key name=webServer

# List of acceptable URLs to send to the Exchange server
acl exch_url url_regex -i office.yieldbroker.com/exchange
acl exch_url url_regex -i office.yieldbroker.com/exchweb
acl exch_url url_regex -i office.yieldbroker.com/public
acl exch_url url_regex -i office.yieldbroker.com/owa
acl exch_url url_regex -i office.yieldbroker.com/ecp
acl exch_url url_regex -i office.yieldbroker.com/microsoft-server-activesync
acl exch_url url_regex -i office.yieldbroker.com/rpc
acl exch_url url_regex -i office.yieldbroker.com/rpcwithcert
acl exch_url url_regex -i office.yieldbroker.com/exadmin
acl exch_url url_regex -i office.yieldbroker.com/oab
# added after
acl exch_url url_regex -i office.yieldbroker.com/ews
# Not configured on exchange 2010
#acl exch_url url_regex -i office.yieldbroker.com/autodiscover

# Send the Exchange URLs to the Exchange server
cache_peer_access exchangeServer allow exch_url

# Send everything else to the Apache
cache_peer_access webServer deny exch_url

# This is to protect Squid
never_direct allow exch_url

# Logging Configuration
redirect_rewrites_host_header off
cache_mem 32 MB
maximum_object_size_in_memory 128 KB
cache_log none
cache_store_log none

access_log stdio:/var/log/squid/office-access.log squid
#access_log none
cache_log /var/log/squid/office-cache.log
#cache_log none
pid_filename /var/run/squid-office.pid

# Set the hostname so that we can see Squid in the path (Optional)
visible_hostname yieldbroker.com
deny_info TCP_RESET all

# ACL - required to allow
#acl all src ALL

# Allow everyone through, internal and external connections
http_access allow all
miss_access allow all

icp_port 0
snmp_port 0

via off

The previous setup had worked for at least 18 months.


More information about the squid-users mailing list