zoukankan      html  css  js  c++  java
  • Configuring Squid as an accelerator/SSL offload for Outlook Web Access

    reference:http://wiki.squid-cache.org/SquidFaq/ReverseProxy/

    Configuring Squid as an accelerator/SSL offload for Outlook Web Access

    Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

    Outline

    Squid can be easily used to provide SSL acceleration services for Outlook Web Access. It can also speak SSL to the backend Exchange server. Later versions of Squid-2.6 support all the methods used by WebDAV by default. Please consider upgrading to at least the latest Squid-2.6 STABLE release before attempting this.

    Setup

    The example situation involves a single Outlook Web Access server and a single Squid server. The following information is required:

    • The IP of the Squid server (ip_of_squid)
    • The 'public' domain used for Outlook Web Access (owa_domain_name)
    • The IP of the Outlook Web Access server (ip_of_owa_server)

    Configuration

     

    /!

    This configuration MUST appear at the top of squid.conf above any other forward-proxy configuration (http_access etc). Otherwise the standard proxy access rules block some people viewing the accelerated site.

    Please note that the https_port and cache_peer lines may wrap in your browser!

    https_port ip_of_squid:443 accel cert=/path/to/certificate/ defaultsite=owa_domain_name
    
    cache_peer ip_of_owa_server parent 80 0 no-query originserver login=PASS front-end-https=on name=owaServer
    
    acl OWA dstdomain owa_domain_name
    cache_peer_access owaServer allow OWA
    never_direct allow OWA
    
    # lock down access to only query the OWA server!
    http_access allow OWA
    http_access deny all
    miss_access allow OWA
    miss_access deny all

    If the connection to the OWA server requires SSL then the cache_peer line should be changed appropriately:

    cache_peer ip_of_owa_server parent 443 0 no-query originserver login=PASS ssl sslcert=/path/to/client-certificate name=owaServer
    • (!) an apparent bug in Squid-3.1 means that https_port may also need to use the connection-auth=off option for now.

  • 相关阅读:
    socket的几大异常以及其出现的原因
    将文件打包成apk
    putty失活不挂起运行
    天气免费接口
    内存泄漏
    The superclass "javax.servlet.http.HttpServlet" was not found on the Java Build
    009 预处理 #pragma once; typedef; #ifdef
    008 区别 : NULL nullptr
    007 头文件 : 作用/组织/包含
    006 整数/浮点数/cpu频率
  • 原文地址:https://www.cnblogs.com/fklin/p/5407014.html
Copyright © 2011-2022 走看看