The configuration is stable now. It has been tested with several Active Sync mobile clients and desktop Outlook 2010. The only part not yet tested is Kerberos- and NTLM-based authentication, where the connection-auth parameter might be relevant.
It is almost the same as the example at http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess, with the connection-auth parameter added, plus ssl options because I'm using a wildcard certificate. To disable the cache function, proxy-only, no-query and no-digest are added.
# Reverse Proxy for Active Sync, Outlook Webaccess, Outlook Anywhere (RPC over HTTPS)
# as frontend for Exchange 2010
# squid.conf for squid 3.1.18
# http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
#
# Purpose: terminate TLS from Internet clients on 172.17.201.25:443 and relay
# every request for webmail.domain.com to one Exchange server over a second,
# certificate-verified TLS connection. Nothing else is proxied.
# Debugging:
# Level 3 for all sections is verbose; keep it commented out in normal operation.
#debug_options ALL,3
# Redefines "combined": client address, ident, user name (%[un), local time,
# request line, status, reply size, Referer, User-Agent, Squid result codes.
# The log therefore holds user names and client addresses, so keep
# /var/log/squidext readable only by the proxy account and administrators.
logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squidext/access.log combined
cache_log /var/log/squidext/cache.log
# Unprivileged account Squid switches to after it has been started as root.
cache_effective_user squidext
cache_effective_group squidext
pid_filename /var/run/squidext.pid
# Do not reveal the Squid version in HTTP headers or generated error pages.
httpd_suppress_version_string on
cache_mgr nomail_address_given
visible_hostname webmail.domain.com
# Do not add a Via header that would identify the proxy.
via off
# "transparent" leaves X-Forwarded-For exactly as received: Squid neither adds
# the real client address nor removes a value sent by the client. Exchange/IIS
# must not treat that header as trustworthy; use the Squid access log to
# attribute requests to client addresses.
forwarded_for transparent
# Ignore "Expect: 100-continue" from clients instead of rejecting the request.
ignore_expect_100 on
# Workaround for clients that mishandle the SSL shutdown message.
ssl_unclean_shutdown on
# Internet connectors
# Accelerator (reverse proxy) listener. defaultsite is the host name assumed
# for incoming requests. The file named by key= holds the wildcard
# certificate's private key and should be readable only by root / the account
# that starts Squid.
# NOTE(review): no options= or cipher= is given, so protocol versions and
# cipher suites are whatever this Squid/OpenSSL build defaults to. Consider
# restricting them explicitly (e.g. options=NO_SSLv2,NO_SSLv3 plus a cipher=
# list) after checking what the installed version supports.
https_port 172.17.201.25:443 accel \
cert=/etc/ssl/certs/domain.com.pem key=/etc/ssl/private/domain.com.pem \
defaultsite=webmail.domain.com
# destination server (Exchange)
# parent 443 0 + originserver : the peer is the origin web server, no ICP port.
# ssl / ssldomain / sslcafile : TLS to the peer; its certificate must chain to
#     the given CA file and carry the name *.domain.com. Verification is active
#     here; do not disable it (sslflags=DONT_VERIFY_PEER) to hide certificate
#     errors.
# proxy-only no-query no-digest : do not store replies locally and do not send
#     ICP or cache-digest requests to the peer.
# front-end-https=on : tells Exchange that the client side is already HTTPS.
# login=PASS : the client's own credentials are forwarded to Exchange, so the
#     proxy performs no authentication itself; every login attempt reaches
#     the backend.
# connection-auth=on : permits connection-oriented authentication (NTLM,
#     Negotiate/Kerberos) towards the peer. The accompanying message states
#     this path has not been tested.
# forceddomain : Host header value sent to the peer.
cache_peer 192.168.100.24 parent 443 0 \
ssl ssldomain=*.domain.com sslcafile=/etc/ssl/certs/equifax_CA.pem \
proxy-only no-query no-digest front-end-https=on originserver \
login=PASS connection-auth=on name=exchange forceddomain=webmail.domain.com
# srcall matches every client address; EXCH matches requests whose destination
# host is webmail.domain.com.
acl srcall src all
acl EXCH dstdomain webmail.domain.com
# Requests for EXCH must always go through a cache_peer, never directly.
never_direct allow EXCH
# Rules are evaluated top-down and the first match wins: only requests for
# webmail.domain.com are accepted, everything else is refused. Keep the deny
# line last so the listener cannot be used as an open proxy.
http_access allow EXCH
http_access deny srcall
# Same allow-then-deny pattern for which requests may use the Exchange peer.
cache_peer_access exchange allow EXCH
cache_peer_access exchange deny srcall
# eof
Received on Fri Jan 20 2012 - 11:20:34 MST