On 12/03/11 03:24, Tapio Niemi wrote:
> Hi all,
>
> I'm new to squid and proxying in general, and I'm wondering if squid or
> any other proxy software by that matter is the right tool for the setup
> I need to do.
>
> Here's my situation. I have a HTTPS-only server on public internet,
> which requires client certificate authentication from all connections.
> (On apache terms, it's configured "SSLVerifyClient require"). Lets' call
> it server X.
>
> On a private, safe network (192.168.x.x style) I have hundreds of
> workstations that need to access server X. However, installing X.509
> client certificates on all these workstations is a great administrative
> burden.
>
> So my intention is to put a reverse proxy server on the private network
> that accepts HTTP-connections from the private network, has a valid
> X.509 client certificate installed and uses this certificate to talk to
> server X using HTTPS on behalf of all the clients in the private address
> space.
>
> So, is this possible? And if so, I would be grateful to be pointed on
> some documentation where I can get started.
It is.
This is what you need. Just replace "OWA" for "server X".
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.5Received on Fri Mar 11 2011 - 23:28:39 MST
This archive was generated by hypermail 2.2.0 : Sat Mar 12 2011 - 12:00:01 MST