[root@moon root]# squid -v
Squid Cache: Version 2.5.STABLE6
configure options: i586-mandrake-linux-gnu --program-prefix=
--prefix=/usr --exec-prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin
--sysconfdir=/etc/squid --datadir=/usr/share --includedir=/usr/include
--libdir=/usr/lib --libexecdir=/usr/lib/squid --localstatedir=/var
--sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --enable-poll --enable-snmp
--enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,ufs,null --enable-useragent-log
--enable-referer-log --enable-cachemgr-hostname=localhost
--enable-truncate --enable-underscores --enable-carp --enable-async-io
--enable-htcp --enable-delay-pools --enable-linux-netfilter --enable-ssl
--enable-arp-acl --enable-auth=basic,digest,ntlm
--enable-basic-auth-helpers=winbind,multi-domain-NTLM,getpwnam,YP,SMB,PA
M,NCSA,MSNT,LDAP
--enable-ntlm-auth-helpers=SMB,fakeauth,no_check,winbind
--enable-digest-auth-helpers=password
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
,winbind_group --enable-follow-x-forwarded-for --with-pthreads
--with-winbind-auth-challenge --disable-dependency-tracking
--disable-ident-lookups
-----Original Message-----
From: Ratti Michele [mailto:Michele.Ratti@cim-italia.it]
Sent: Wednesday, December 22, 2004 7:50 PM
To: squid-users@squid-cache.org
Cc: Elsen Marc; Henrik Nordstrom
Subject: [squid-users] SQUID + REVERSE PROXY + OWA
Importance: High
Sensitivity: Confidential
I have:
1) Linux Mandrake v10.1
2) Linux Mandrake SQUID RPM v2.5-STABLE6
3) OutlookWebAccess on Windows Server 2003
Here you have my configuration files.
I'd like to use Squid as a reverse proxy in this way:
WEB -> SSL SQUID PROXY -> OWA (HTTP) (exchange)
Is my configuration OK!?
Can you help me?
Regards.
--------------------------
Michele Ratti
1) squid.conf
# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
# The socket address where Squid will listen for HTTPS client
# requests.
#
# This is really only useful for situations where you are running
# squid in accelerator mode and you want to do the SSL work at the
# accelerator level.
#
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
#
# Options:
#
# cert= Path to SSL certificate (PEM format)
#
# key= Path to SSL private key file (PEM format)
# if not specified, the certificate file is
# assumed to be a combined certificate and
# key file
#
# version= The version of SSL/TLS supported
# 1 automatic (default)
# 2 SSLv2 only
# 3 SSLv3 only
# 4 TLSv1 only
#
# cipher= Colon separated list of supported ciphers
#
# options= Various SSL engine options. The most important
# being:
# NO_SSLv2 Disallow the use of SSLv2
# NO_SSLv3 Disallow the use of SSLv3
# NO_TLSv1 Disallow the use of TLSv1
# See src/ssl_support.c or OpenSSL documentation
# for a more complete list.
#
#Default:
# none
# NOTE(review): no version= or options= is set here, so the "automatic"
# default from the option list above applies and SSLv2 is not excluded;
# options=NO_SSLv2 is the documented way to disallow it.
# key= points at the PEM private key; presumably it should be readable only
# by the account Squid runs as - verify file permissions.
https_port 443 cert=/etc/squid/key.crt key=/etc/squid/key.key
# NOTE(review): the httpd_accel_* directives below look run together by mail
# line-wrapping; squid.conf takes one directive per line, so confirm the real
# file has each on its own line (and that httpd_accel_single_host is meant to
# stay commented out).
# httpd_accel_with_proxy on keeps normal proxy handling enabled in addition to
# acceleration. For a listener reachable from the Internet, confirm http_access
# only admits requests for the accelerated OWA host so it cannot be used as an
# open proxy.
httpd_accel_host 89.0.4.128 httpd_accel_port 80 #httpd_accel_single_host
off httpd_accel_with_proxy on httpd_accel_uses_host_header off
# Every request is handed to squidGuard, which reads the configuration file
# named after -c.
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
# Hostname Squid reports for itself.
visible_hostname OwaMailMan
[THE REST IS DEFAULT]
2) squidGuard.conf
#----------------------------------------------------------------
# SquidGuard CONFIGURATION FILE
#----------------------------------------------------------------
# CONFIGURATION DIRECTORIES
# dbhome: base directory for the list files; the relative paths used in the
# src and dest sections of this file presumably resolve under it - confirm.
dbhome /usr/share/squidGuard-1.2.0/db
# logdir: directory squidGuard writes its log files to.
logdir /var/log/squidGuard
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
# NOTE(review): "workhours" is declared here, but no rule in the acl section
# of this file refers to it, so these schedules appear to have no effect -
# confirm whether a time restriction was intended.
time workhours {
weekly s 09:30-12:00 13:00-19:00
weekly m 09:00-12:00 13:00-19:00
weekly t 09:00-11:00 12:00-19:00
weekly w 09:00-12:00 12:00-18:00
weekly h 09:00-13:00 13:00-18:00
weekly f 09:00-12:00 13:30-18:00
weekly a 08:20-13:00 13:30-19:00 }
# SOURCE ADDRESSES:
# Each src class groups clients by the IP list file named in iplist.
# NOTE(review): squid.conf in this post puts Squid in front of OWA as a
# reverse proxy, so the clients seen here would presumably be Internet
# addresses rather than LAN hosts - confirm these lists still make sense.
src privilegedsource {
iplist privilegedsource/ips
}
# NOTE(review): the acl rule for bannedsource is commented out in the acl
# section of this file, so clients in this list presumably fall through to
# the default rule instead of being blocked - confirm.
src bannedsource {
iplist bannedsource/ips
}
src lansource {
iplist lansource/lan
}
# DESTINATION CLASSES:
# Each dest class names the domain, URL and (where present) expression lists
# that define a category; a class only has an effect when an acl rule
# references it.
# NOTE(review): "porn" is defined here but is not excluded by any pass line
# in the acl section of this file (lansource lists !adult, not !porn), so as
# shown it is never blocked - confirm whether that is intended.
dest porn {
domainlist porn/domains
urllist porn/urls
expressionlist porn/expressions
}
dest adult {
domainlist adult/domains
urllist adult/urls
expressionlist adult/expressions
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
}
dest forums {
domainlist forums/domains
urllist forums/urls
expressionlist forums/expressions
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
dest redirector {
domainlist redirector/domains
urllist redirector/urls
expressionlist redirector/expressions }
dest warez {
domainlist warez/domains
urllist warez/urls
}
dest ads {
domainlist ads/domains
urllist ads/urls
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
}
dest publicite {
domainlist publicite/domains
urllist publicite/urls
expressionlist publicite/expressions }
dest violence {
domainlist violence/domains
urllist violence/urls
expressionlist violence/expressions }
dest banneddestination {
domainlist banneddestination/domains
urllist banneddestination/urls
expressionlist banneddestination/expressions
}
# advertising carries its own redirect target (a placeholder image) and its
# own log file, separate from the redirect URLs set in the acl rules.
dest advertising {
domainlist advertising/domains
urllist advertising/urls
redirect http://127.0.0.1/cgi-bin/nulbanner.png
log /var/log/squidGuard/advertising.log
}
# exploit is matched by expressions only; it is the single class excluded by
# the default acl rule, so the content of exploit/expressions (not shown in
# this post) is the only filtering applied to clients outside the src lists.
dest exploit {
expressionlist exploit/expressions
}
# ACLs
# One rule per source class: "pass" lists the destination classes that are
# allowed (a leading ! excludes a class) and "redirect" gives the URL used
# for blocked requests.
# NOTE(review): every redirect URL in this section is split across lines,
# presumably by mail wrapping; confirm each is a single line in the real file.
# The URL hands the client address (%a), source class (%s), target class (%t)
# and requested URL (%u) to squidGuard.cgi; since %u is client-supplied, the
# CGI presumably must escape it before echoing it in a page - verify.
acl {
# Privileged clients: everything is allowed except the advertising class.
privilegedsource {
pass !advertising all
redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&target
class=%t&url=%u
}
# NOTE(review): this rule is disabled, but the two URL lines inside it carry
# no leading '#', presumably because the redirect line was wrapped by the mail
# client; as shown they would be read as configuration - confirm.
# bannedsource {
# pass none
# redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&target
class=%t&url=%u
#
# }
# LAN clients: the listed classes are blocked, everything else is allowed.
# NOTE(review): the porn class defined in this file is not in this list.
lansource {
pass !adult !audio-video !forums !hacking !redirector
!warez !ads !aggressive !drugs !gambling !publicite !violence
!banneddestination !advertising all
redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&target
class=%t&url=%u
}
# default applies to clients that match none of the src classes; only the
# exploit class is blocked for them.
# NOTE(review): this redirect points at 127.0.0.1:81 while the other rules
# use 127.0.0.1 with no port - confirm which listener serves squidGuard.cgi.
default {
pass !exploit all
redirect
http://127.0.0.1:81/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&tar
getclass=%t&url=%u
}
}
Received on Thu Dec 23 2004 - 06:10:09 MST