[squid-users] Configuring a Squid Reverse Proxy for Multiple Outlook Web App/Access Servers

From: Sean Massey <smassey_at_gbdioc.org>
Date: Fri, 2 Dec 2011 10:48:03 -0600

I have an Exchange 2007 Environment that I am upgrading to Exchange 2010. I have Squid configured as a reverse proxy, and I placed it in front of my Exchange 2007 CAS server. Both servers are located in the same Active Directory site.

Exchange 2010 does not allow OWA proxying to Exchange 2007 servers in the same AD site, and Microsoft requires OWA redirection during the co-existence period (fortunately, this is not the case with ActiveSync). Since I have a very limited pool of public IP addresses (translation: none to spare), and I need to have OWA available for users during the testing phase, I was hoping to configure Squid to act as the reverse proxy for both CAS servers.

The issue that I am running into, though, is that when I configure Squid to handle both OWA2007 and OWA2010, it will only serve traffic to the first OWA item listed in the config, and any traffic addressed to the other OWA site gets redirected to the first.

If I list owa2010.domain.local as the first item in the config, and I attempt to go to owa2007.domain.local, Squid directs me to the OWA2010 site.

Here is a copy of the configuration that I am testing.

visible_hostname OWA2010.domain.local
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443 cert=/usr/local/squid/certs/cert.crt key=/usr/local/squid/certs/cert.nopass.key defaultsite=OWA2010.domain.local
cache_peer 192.168.1.254 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/local/squid/certs/exchange.crt sslkey=/usr/local/squid/certs/nopassexchange.key name=owa2010
acl OWA dstdomain OWA2010.domain.local
cache_peer_access owa2010 allow OWA

never_direct allow OWA
http_access allow OWA
miss_access allow OWA

visible_hostname OWA2007.domain.local
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443 cert=/usr/local/squid/certs/cert2.crt key=/usr/local/squid/certs/webmail2nopass.key defaultsite=OWA2007.domain.local
cache_peer 192.168.1.1 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/usr/local/squid/certs/exchange.crt sslkey=/usr/local/squid/certs/nopassexchange.key name=owa2007
acl OWA2 dstdomain OWA2007.domain.local
cache_peer_access owa2007 allow OWA2

never_direct allow OWA2
http_access allow OWA2
miss_access allow OWA2

I'm not sure what I need to change to make Squid work as a reverse proxy for two OWA servers. Can anyone help me find what I'm doing wrong?

I also have this question cross-posted on ServerFault at http://serverfault.com/q/336913/91254
Received on Fri Dec 02 2011 - 16:49:35 MST
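
An added example, not part of the original post and not the poster's configuration: two https_port lines cannot both bind port 443 on one address, so this sketch uses a single listener with vhost, which makes Squid route on the request's Host header and fall back to defaultsite when none is present. It assumes one certificate whose subjectAltName covers both host names and an internal CA file for the Exchange servers; the owa-san.* and internal-ca.pem paths are hypothetical.

```squid
# Added example. The host names, peer addresses and peer client-cert paths come
# from the post; owa-san.crt, owa-san.key and internal-ca.pem are assumed files.

# Single-valued directives are set once for the whole proxy.
visible_hostname OWA2010.domain.local
extension_methods RPC_IN_DATA RPC_OUT_DATA

# One listener for both sites. The certificate must be valid for
# OWA2010.domain.local and OWA2007.domain.local (SAN or wildcard).
https_port 443 accel vhost defaultsite=OWA2010.domain.local cert=/usr/local/squid/certs/owa-san.crt key=/usr/local/squid/certs/owa-san.key

# Back-end peers. sslflags=DONT_VERIFY_PEER is replaced by verification against
# the issuing CA, with ssldomain naming the host expected in the peer certificate.
cache_peer 192.168.1.254 parent 443 0 no-query originserver login=PASS ssl sslcafile=/usr/local/squid/certs/internal-ca.pem ssldomain=OWA2010.domain.local sslcert=/usr/local/squid/certs/exchange.crt sslkey=/usr/local/squid/certs/nopassexchange.key name=owa2010
cache_peer 192.168.1.1 parent 443 0 no-query originserver login=PASS ssl sslcafile=/usr/local/squid/certs/internal-ca.pem ssldomain=OWA2007.domain.local sslcert=/usr/local/squid/certs/exchange.crt sslkey=/usr/local/squid/certs/nopassexchange.key name=owa2007

# One ACL per published host name.
acl OWA dstdomain OWA2010.domain.local
acl OWA2 dstdomain OWA2007.domain.local

# Pin each host name to its own peer and nothing else.
cache_peer_access owa2010 allow OWA
cache_peer_access owa2010 deny all
cache_peer_access owa2007 allow OWA2
cache_peer_access owa2007 deny all

# Never fetch these sites directly, and refuse every other request.
never_direct allow OWA
never_direct allow OWA2
http_access allow OWA
http_access allow OWA2
http_access deny all
```

Running `squid -k parse` against the file checks the syntax before the listener is restarted.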