RE: [suse-security] OWA with squid 2.5 stable6, problem with connect
just for the archive, problem solved! for a little howto, look below

my layout:

suse 9.x for reverse proxy ( public ip )
|
firewall ( allow access on port 443 to internal owa server, restrict from proxy server only: tcp host public-ip host private-ip eq 443)
|
outlook web access on exchange 2003 ( private ip )

first: enable the form-based login on the owa server for https

reverse proxy running now with apache (2.0.5x)

apache configure:

./configure --enable-layout=SuSE --enable-headers --enable-ssl \
  --enable-cgi --enable-vhost-alias --enable-dir --disable-userdir \
  --enable-mime --enable-auth --enable-log-config --enable-rewrite \
  --enable-so --enable-cache --enable-dav --enable-mime-magic \
  --enable-proxy --enable-proxy-connect --enable-proxy-ftp \
  --enable-proxy-http --with-ssl=/usr/include/ssl --with-mpm=prefork

this apache is running as a webserver too; for the reverse proxy part, the important additions to httpd.conf:

Listen 443
NameVirtualHost *:443

create ssl certificates for this host!

virtual host layout:

<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ServerSignature off
ServerName host.domain.tld
ProxyPreserveHost on
ProxyRequests off
ErrorLog /var/log/httpd/owa_error
CustomLog /var/log/httpd/owa_access \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCertificateFile /etc/httpd/certs/server.crt
SSLCertificateKeyFile /etc/httpd/certs/server.key
Redirect / https://host.domain.tld/exchange
## srv066 = 192.168.22.25, better work with ip here
ProxyPass /exchange https://192.168.22.25/exchange
ProxyPassReverse /exchange https://192.168.22.25/exchange
ProxyPass /exchweb https://192.168.22.25/exchweb
ProxyPassReverse /exchweb https://192.168.22.25/exchweb
ProxyPass /public https://192.168.22.25/public
ProxyPassReverse /public https://192.168.22.25/public
ProxyPass /exchweb/bin/auth https://192.168.22.25/exchweb/bin/auth
ProxyPassReverse /exchweb/bin/auth http://192.168.22.25/exchweb/bin/auth
ProxyPass /iisadmpwd https://192.168.22.25/iisadmpwd
ProxyPassReverse /iisadmpwd https://192.168.22.25/iisadmpwd
</VirtualHost>

hope it will help someone in the future.

greetings
andy

--
free your mind, use open source
http://www.mono-project.com

ASCII ribbon campaign ( )
 - against HTML email  X
             & vCards / \
-----Original Message-----
From: Dörfler Andreas [mailto:Andreas.Doerfler@kempten.de]
Sent: Wednesday, March 23, 2005 12:11 PM
To: suse-security@suse.com
Subject: [suse-security] OWA with squid 2.5 stable6, problem with connect
hi there,
after reading multiple sites over a long time i hope i'm getting help via this list, i'm running crazy here
scheme:
client (www) -> squid (www - public ip) -> firewall -> owa (lan - private ip)
squid.conf:
visible_hostname host.domain.tld
https_port 443 cert=/etc/squid/server.crt key=/etc/squid/server.key
hosts_file /etc/squid/hosts
http_port 127.0.0.1:8080

httpd_accel_host srv066
httpd_accel_port 80
httpd_accel_uses_host_header off
httpd_accel_single_host on
httpd_accel_with_proxy off

acl acl_testmail dstdomain srv066
http_access allow acl_testmail

acl to_index urlpath_regex /$
acl to_favicon urlpath_regex /favicon.ico$
acl to_exchange urlpath_regex /exchange
http_access allow to_index
http_access allow to_favicon
http_access allow to_exchange

acl all src 0.0.0.0/0.0.0.0
header_access Accept-Encoding deny all
never_direct allow all
http_access deny all
when i try the connect via https://host.domain.tld, the following error occurred:
While trying to retrieve the URL: http://srv066
The following error was encountered:
* Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:
* The cache administrator does not allow this cache to make direct connections to origin servers, and
* All configured parent caches are currently unreachable.
it's an urgent problem, so i hope getting help here
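
An added example, not part of the original post or of Apache: a small Python lint over the proxy directives of the vhost in the howto. mod_proxy checks ProxyPass rules in configuration order and the first match wins, so the lint flags a longer path listed after a shorter prefix, a ProxyPassReverse whose target differs from its ProxyPass, and a vhost that does not set ProxyRequests off. The function name, the finding codes and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: the proxy directives from the vhost in the howto above.
SAMPLE_VHOST = """\
ProxyRequests off
ProxyPass /exchange https://192.168.22.25/exchange
ProxyPassReverse /exchange https://192.168.22.25/exchange
ProxyPass /exchweb https://192.168.22.25/exchweb
ProxyPassReverse /exchweb https://192.168.22.25/exchweb
ProxyPass /public https://192.168.22.25/public
ProxyPassReverse /public https://192.168.22.25/public
ProxyPass /exchweb/bin/auth https://192.168.22.25/exchweb/bin/auth
ProxyPassReverse /exchweb/bin/auth http://192.168.22.25/exchweb/bin/auth
ProxyPass /iisadmpwd https://192.168.22.25/iisadmpwd
ProxyPassReverse /iisadmpwd https://192.168.22.25/iisadmpwd
"""

# Directive name, first argument, optional second argument (comments never match).
DIRECTIVE = re.compile(
    r"^\s*(ProxyRequests|ProxyPass|ProxyPassReverse)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def audit_proxy_config(text):
    """Return (code, detail) findings for a reverse-proxy vhost (hypothetical helper)."""
    findings, passes, reverses, requests = [], [], {}, None
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, arg1, arg2 = m.group(1).lower(), m.group(2), m.group(3)
        if name == "proxyrequests":
            requests = arg1.lower()
        elif name == "proxypass" and arg2:
            passes.append((arg1, arg2))          # keep configuration order
        elif name == "proxypassreverse" and arg2:
            reverses[arg1] = arg2
    # Hardening check: a reverse proxy should state that forward proxying is off.
    if requests != "off":
        findings.append(("forward-proxy", "ProxyRequests is not explicitly off"))
    for i, (path, target) in enumerate(passes):
        # Location rewriting only matches if both directives name the same backend URL.
        if reverses.get(path) != target:
            findings.append(("reverse-mismatch", path))
        # An earlier, shorter prefix wins before this rule is ever consulted.
        for earlier, _ in passes[:i]:
            if path.startswith(earlier.rstrip("/") + "/"):
                findings.append(("shadowed", f"{path} is matched first by {earlier}"))
    return findings
```

On the sample it reports /exchweb/bin/auth twice: its ProxyPassReverse names http:// while the ProxyPass names https://, and the rule sits after /exchweb. Both rules point at the same backend path, so the ordering does not change routing in this particular vhost.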