[squid-users] Landing- Disclaimer-Page for an Exchange 2013 Reverse Proxy

Squid Users squid at comparion.de
Tue Mar 15 08:38:08 UTC 2016


Hi,

I've installed a Squid reverse proxy for a MS-Exchange Test-Installation to reach OWA from the outside.

My current environment is as follows:

Squid Version 3.4.8 with ssl on a Debian Jessie (self compiled)
The Squid and the exchange system are in the internal network with private ip-addresses (same network segment)
The access to the squid system is realized by port forwarding (tcp/80, tcp/443, tcp/22) from a public ip-address
Used certificate is from letsencrypt (san-certificate, used by both servers)

Current Status:

Pre-Login works
Outlook-Access to OWA works (other protocols not tested yet)
https://portal.xxx.de doesn't work (Forwarding denied)
(which is quite normal because there is no acl for it)

How can I achieve that:

1) Access to https://portal.xxx.de ends up on a kind of "landing-page" with instructions how to use the exchange test-installation
(web server can be the iis on the exchange system, apache on the squid system or a third system)

2) Is there a way to integrate the initial password dialog in that web page? 

Kind regards
Bob


Squid configuration:

# Hostname
visible_hostname portal.xxx.de

# External access
https_port 192.168.xxx.21:443 accel cert=/root/letsencrypt/certs/xxx.de/cert.pem key=/root/letsencrypt/certs/xxx.de/privkey.pem cafile=/root/letsencrypt/certs/xxx.de/fullchain.pem defaultsite=portal.xxx.de

# Internal server
cache_peer 192.168.xxx.20 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/root/letsencrypt/certs/xxx.de/cert.pem sslkey=/root/letsencrypt/certs/xxx.de/privkey.pem name=ExchangeServer

# Access to the following addresses is allowed
acl EXCH url_regex -i ^https://portal.xxx.de$
acl EXCH url_regex -i ^https://portal.xxx.de/owa.*$
acl EXCH url_regex -i ^https://portal.xxx.de/Microsoft-Server-ActiveSync.*$
acl EXCH url_regex -i ^https://portal.xxx.de/ews.*$
acl EXCH url_regex -i ^https://portal.xxx.de/autodiscover.*$
acl EXCH url_regex -i ^https://portal.xxx.de/rpc/.*$

# Auth
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on

# Rules
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
cache_peer_access ExchangeServer allow EXCH
never_direct allow EXCH
http_access allow EXCH
http_access deny all
miss_access allow EXCH
miss_access deny all

# Logging
access_log /var/log/squid3/access.log squid
debug_options ALL,9

cache_mgr mailto:xxx at xxx.de
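
An added example, not part of the original post: a small Python check of which request URLs the posted EXCH url_regex lines match. It assumes Squid compares url_regex against the full request URL, in which the site root appears as https://portal.xxx.de/ ; the STRICT pattern and the sample URLs are constructed for illustration.

```python
import re

# url_regex patterns copied from the EXCH ACL in the posted squid.conf.
POSTED = [
    r"^https://portal.xxx.de$",
    r"^https://portal.xxx.de/owa.*$",
    r"^https://portal.xxx.de/Microsoft-Server-ActiveSync.*$",
    r"^https://portal.xxx.de/ews.*$",
    r"^https://portal.xxx.de/autodiscover.*$",
    r"^https://portal.xxx.de/rpc/.*$",
]

# Stricter variant (an assumption of this example, not from the post):
# dots escaped and each prefix closed at a path or query boundary.
PREFIXES = ["owa", "Microsoft-Server-ActiveSync", "ews", "autodiscover", "rpc"]
STRICT = [r"^https://portal\.xxx\.de/(%s)([/?].*)?$" % "|".join(PREFIXES)]


def first_match(url, patterns):
    """Return the first pattern matching url (case-insensitive, like -i), else None."""
    for pattern in patterns:
        if re.search(pattern, url, re.IGNORECASE):
            return pattern
    return None


# Constructed request URLs as the proxy would see them (the path is never empty).
SAMPLES = [
    "https://portal.xxx.de/",
    "https://portal.xxx.de/owa/auth/logon.aspx",
    "https://portal.xxx.de/Microsoft-Server-ActiveSync?Cmd=Sync",
    "https://portal.xxx.de/owa-test/page",
    "https://portal.xxx.de/ecp/",
]


def audit(samples=SAMPLES):
    """Map each URL to (matches posted ACL, matches strict ACL)."""
    return {u: (first_match(u, POSTED) is not None,
                first_match(u, STRICT) is not None) for u in samples}


if __name__ == "__main__":
    for url, (posted, strict) in audit().items():
        print(f"{url:60} posted={posted!s:5} strict={strict}")
```

The site root is matched by none of the posted patterns because the first one ends in $ directly after the hostname, while the requested URL carries a trailing slash.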




