[squid-users] Squid Reverse Proxy to Exchange 2010 OWA

Alex Samad alex at samad.com.au
Wed Mar 11 22:15:22 UTC 2015


I have to admit this was built from a lot of googling for a working config.


On 11 March 2015 at 19:09, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 11/03/2015 7:16 p.m., Alex Samad wrote:
[snip]
>> # List of acceptable URLs to send to the Exchange server
>> acl exch_url url_regex -i <o>/exchange
>> acl exch_url url_regex -i <o>/exchweb
>> acl exch_url url_regex -i <o>/public
>> acl exch_url url_regex -i <o>/owa
>> acl exch_url url_regex -i <o>/ecp
>> acl exch_url url_regex -i <o>/microsoft-server-activesync
>> acl exch_url url_regex -i <o>/rpc
>> acl exch_url url_regex -i <o>/rpcwithcert
>> acl exch_url url_regex -i <o>/exadmin
>> acl exch_url url_regex -i <o>/oab
>
> I suggest you replace the above with ACLs:
>
>  acl exch_domain dstdomain <o>
>  acl exch_path urlpath_regex -i /exch(ange|web)
>  acl exch_path urlpath_regex -i /public
>  acl exch_path urlpath_regex -i /owa
>  ...
I presume your ... means the other paths

and this is for speed?

>
[snip]

>> # Logging Configuration
>> redirect_rewrites_host_header off
>
> That's begging for abuse of the security hole it opens. If you can
> operate without that setting please do so.
I believe (and it's been a while) that it was needed for Exchange; I can
find some time and retest.

> NOTE: it's not optional. You have disabled most of the HTTP features
> which use the Squid hostname, but not all of them can be.
>  For example "via off" contradicts this comment, by NOT adding Squid to
> the relay path (Via header).
>
>
>> visible_hostname <o>
>> deny_info TCP_RESET all
>>
>> # ACL - required to allow
>> #acl all src ALL
>>
>> # Allow everyone through, internal and external connections
>> http_access allow all
>> miss_access allow all
>>
>> icp_port 0
>> snmp_port 0
>>
>> via off
So you would suggest
visible <o>
and no via off?

>>
>
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
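
The difference between the two ACL styles in the message above, as an added example that is not part of the thread and not Squid's own code: a simplified Python model of how `url_regex` (searched over the whole URL) and `dstdomain` plus `urlpath_regex` (host first, then path and query) decide which requests match. The hostname `mail.example.com` and the sample URLs are constructed, and only the paths spelled out in the quoted suggestion are modelled.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder: the thread redacts the real hostname as <o>.
HOST = "mail.example.com"

# Original style: one url_regex per path, searched anywhere in the full URL.
# The hostname is escaped here so only the anchoring difference shows.
URL_REGEX = [re.compile(re.escape(HOST) + p, re.I)
             for p in ("/exchange", "/exchweb", "/public", "/owa")]

# Suggested style: dstdomain for the host, urlpath_regex for the path.
PATH_REGEX = [re.compile(p, re.I)
              for p in ("/exch(ange|web)", "/public", "/owa")]


def match_url_regex(url):
    """url_regex model: unanchored search over the whole URL string."""
    return any(r.search(url) for r in URL_REGEX)


def match_domain_and_path(url):
    """dstdomain + urlpath_regex model: exact host, then path and query."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != HOST:
        return False
    urlpath = parts.path + ("?" + parts.query if parts.query else "")
    return any(r.search(urlpath) for r in PATH_REGEX)


# Constructed sample URLs, not taken from the thread.
SAMPLES = [
    "https://mail.example.com/owa/auth/logon.aspx",
    "https://mail.example.com/Exchange/",
    "https://mail.example.com/private/",
    "https://other.example.net/go?next=mail.example.com/owa",
    "https://mail.example.com/private/?ref=/owa",
]


def compare(urls=SAMPLES):
    """Return (url, url_regex result, dstdomain+urlpath_regex result)."""
    return [(u, match_url_regex(u), match_domain_and_path(u)) for u in urls]


if __name__ == "__main__":
    for url, old, new in compare():
        print(f"url_regex={old!s:5} domain+path={new!s:5} {url}")
```

In this model the fourth sample matches only the `url_regex` form, because the host/path string appears inside another host's query string. The last sample matches only the unanchored `urlpath_regex` patterns, since Squid's URL path includes the query string; anchoring a pattern as `^/owa` restricts it to the start of the path.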

