Re: http_accel a https exchange webmail service

From: Greg Retkowski <greg@dont-contact.us>
Date: Fri, 7 Apr 2000 10:03:41 -0700 (PDT)

On Fri, 7 Apr 2000, Grant Vine wrote:
> we are currently running an exchange webmail service that is being secured
> through https ... we want to move the exchange server to a fake IP (10.0.0.2
> as an example) and have the world access the webmail feature through squid
> http accelleration ... under normal http we have this setup and working
> excellently ... however due to the nature of the plain text password
> *Microsoft feature* we need to secure the login information ...
>
> Is it possible to have squid either:
>
> A) Serve the pages as https but retrieve them via normal http.
> or
> B) Serve the pages directly as https right through ... the pages dont (and
> wont) be cached by squid but will be proxied.
>
> Can this be done and has anyone set it up before ??
>

I've set this up before, not with squid but with some software called
'sslwrap'. And while this accomplished securing the password and data
exchanges it exposed other 'features' of the exchange web client.. Some
'functions' didn't... because of the way the web ui is written it does not
behave well behind a proxy.

I think our final solution was to generate a self-signed SSL certificate
and put it on the IIS server so that it did SSL natively. Then just have
your firewall do a NAT translation for the exchange machine. This worked
for us.

-- Greg

Greg Retkowski Mail: greg@rage.net
Raging Network Services URL: http://www.rage.net/
Received on Fri Apr 07 2000 - 11:08:23 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:51 MST