Re: [squid-users] Squid httpd_accel to Exchange 2000 WebMail

From: Jim Williams <jimw@dont-contact.us>
Date: Tue, 04 Dec 2001 12:39:00 -0600

Henk-Jan Kloosterman wrote:

> I have set up something similar, but I do not understand why you let the
> firewall redirect ports 25 and 80?
> Simply configure an accelerator, ready.
>
>

Well, the true Exchange machine is in a private IP address range. The
site administrator ( I'm a contractor ) wants EVERYONE on the outside to
ONLY access WebMail through Squid, preferably without them ever
realizing that the redirection is even taking place ( security through
obscurity ). He has the firewall set to redirect those 2 ports ( 25 & 80
) to the private IP on the internal network but is only allowing the
Squid server's IP address to access it. If I bring up Netscape on the
Squid machine itself, in the DMZ with a public IP, I'm able to access
WebMail with no trouble so the port redirection seems to be working
correctly.

I have only come up with 1 suggestion and I'd like someone's ( anyone's )
opinion of my theory. If the 2.5Stable release parses /etc/hosts records
first then I could duplicate/masquerade the hostname. In this case the
access sequence would go as follows:

1. Browser accesses proxy.somedomain.com/Exchange which resolves through
DNS to point to Squid server.

2. Squid looks up this hostname in /etc/hosts and redirects access to
FW, still using the proxy.somedomain.com hostname in headers.

3. Exchange builds the reply based on hostname in original host header
so it says <"Document Moved: proxy.somedomain.com/Exchange" > which is
passed all the way back to browser.

This seems like it would be feasible to me. Can anyone poke holes in my theory before I spend the time to configure it?

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Williams
President - General Manager
Linux-Class.com
phone:214.557.3626 fax:972.404.0410
Break Out of the Windows Box!
Explore the possibilities of Open Source Software.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received on Tue Dec 04 2001 - 10:32:26 MST
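
The three-step sequence in the message above can be tried on localhost with the added example below, which is not part of the original post and is not Squid or Exchange code. It assumes, as step 3 does, a backend that builds its redirect from the Host header it receives; INTERNAL_NAME, the class names and the function names are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PUBLIC_NAME = "proxy.somedomain.com"         # public hostname used in the post
INTERNAL_NAME = "exchange.internal.example"  # constructed placeholder backend name

def fetch(port, path, host):  # GET with an explicit Host; returns (status, Location)
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo silent
        pass
    def reply(self, status, location):
        self.send_response(status)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

class Backend(Quiet):
    # Assumption from step 3: the redirect target is built from the Host header.
    def do_GET(self):
        self.reply(302, f"http://{self.headers.get('Host')}{self.path}/")

def make_accelerator(backend_port, preserve_host):
    class Accelerator(Quiet):
        def do_GET(self):
            # Step 2: forward upstream, keeping or replacing the client's Host.
            host = self.headers.get("Host") if preserve_host else INTERNAL_NAME
            self.reply(*fetch(backend_port, self.path, host))
    return Accelerator

def start(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def redirect_seen_by_browser(preserve_host):
    backend = start(Backend)
    accel = start(make_accelerator(backend.server_port, preserve_host))
    try:
        return fetch(accel.server_port, "/Exchange", PUBLIC_NAME)[1]
    finally:
        for server in (accel, backend):
            server.shutdown()
            server.server_close()
```

Calling redirect_seen_by_browser(True) returns a redirect under the public name, while redirect_seen_by_browser(False) returns one that exposes the backend's own name to the browser.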
