Hi,
I`v setup my squid3 (STABLE 23 with openssl support) box to proxy requests to an upstream OWA server from one of our clients.
The idea is that our client uses our proxyserver to synchronize with their own exchange environment.
The client`s owaserver is to be found at let`s say http://owaserver/exchange
This is my squid.conf;
# Define the required extension methods for RPC-over-HTTPs
extension_methods RPC_IN_DATA RPC_OUT_DATA
# Define our cache_peer (the MS Exchange Server)
cache_peer <owaserver> parent 80 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=owaserver
# ACL to only allow OWA/OMA/ActiveSync/RPC
acl exchange_urlpath_regex urlpath_regex -i ^http://<owaserver>/exchange($|/.*)
acl exchange_urlpath_regex urlpath_regex -i ^http://<owaserver>/exchweb($|/.*)
acl exchange_urlpath_regex urlpath_regex -i ^http://<owaserver>/public($|/.*)
acl exchange_urlpath_regex urlpath_regex -i ^http://<owaserver>/iisadmpwd($|/.*)
acl exchange_urlpath_regex urlpath_regex -i ^http://<owaserver>/rpc($|/.*)
acl exchange_urlpath_regex urlpath_regex -i ^http://<owaserver>/Microsoft-Server-ActiveSync($|/.*|\?.*)
acl OWA-IP dst <owaserver>
acl OWA dstdomain <ip squid box>
cache_peer_access owaserver allow OWA
never_direct allow OWA
# Deny Access to other then Exchange
http_access deny !exchange_urlpath_regex
http_access allow OWA-IP
http_access deny all
miss_access allow OWA-IP
miss_access deny all
When I comment the last 5 lines out, the synchronization works like a charm, but when I activate the http_access acls I get a TCP_DENIED.
The idea is to restrict my clients to solely be able to synchronize their email via Activesync and nothing else.
Furthermore, other clients should be able to use the proxyserver for internet browsing using standard acl`s
Any help regarding the acl part would be greatly appreciated.
Arnoud
Received on Wed Feb 03 2010 - 14:26:49 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 12:00:04 MST