From 2bbfbdd783fe46d584d91b6014ef6c86520a9097 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 13 Jun 2014 11:31:52 +0200 Subject: allow multiple CAS-servers, correct checks --- config/squid3/33/squid.inc | 20 ++++++++------------ config/squid3/33/squid_reverse.inc | 23 ++++++++++++++++++----- config/squid3/33/squid_reverse.xml | 4 ++-- config/squid3/33/squid_reverse_general.xml | 4 ++-- pkg_config.10.xml | 2 +- pkg_config.8.xml | 2 +- pkg_config.8.xml.amd64 | 2 +- 7 files changed, 33 insertions(+), 24 deletions(-) diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index a97746e2..d006c0db 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -615,9 +615,8 @@ function squid_validate_reverse($post, $input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -639,15 +638,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 6ae209b2..69d461e4 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -100,14 +100,22 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; - + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){ $conf_peer = "#{$rp['description']}\n"; - $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU round-robin "; + $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin "; if($rp['protocol'] == 'HTTPS') $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto "; $conf_peer .= "name=rvp_{$rp['name']}\n\n"; @@ -210,8 +218,13 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/33/squid_reverse.xml b/config/squid3/33/squid_reverse.xml index 28d8cbcf..b0f6a614 100755 --- a/config/squid3/33/squid_reverse.xml +++ b/config/squid3/33/squid_reverse.xml @@ -219,9 +219,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync diff --git a/config/squid3/33/squid_reverse_general.xml b/config/squid3/33/squid_reverse_general.xml index 029072a6..9bff5d8e 100755 --- a/config/squid3/33/squid_reverse_general.xml +++ b/config/squid3/33/squid_reverse_general.xml @@ -207,9 +207,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 80029885..52f63d81 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -963,7 +963,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.3.10 pkg 2.2.5 + 3.3.10 pkg 2.2.6 beta 2.2 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org diff --git a/pkg_config.8.xml b/pkg_config.8.xml index b79acb02..8467fca2 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1260,7 +1260,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.3.10 pkg 2.2.5 + 3.3.10 pkg 2.2.6 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 4eb21d87..1a0bac95 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1247,7 +1247,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.3.10 pkg 2.2.5 + 3.3.10 pkg 2.2.6/version> beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org -- cgit v1.2.3 From 47a250e0d2b516cc87c7b582fda6f548c33c3d73 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 13 Jun 2014 11:52:37 +0200 Subject: allow multiple CAS-servers, correct checks --- config/squid3/31/squid.inc | 21 +++++++++------------ config/squid3/31/squid_reverse.inc | 20 +++++++++++++++++--- config/squid3/31/squid_reverse.xml | 4 ++-- config/squid3/31/squid_reverse_general.xml | 4 ++-- pkg_config.10.xml | 2 +- pkg_config.8.xml | 2 +- pkg_config.8.xml.amd64 | 2 +- 7 files changed, 33 insertions(+), 22 deletions(-) diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc index 0256d078..b8f1e3e1 100644 --- a/config/squid3/31/squid.inc +++ b/config/squid3/31/squid.inc @@ -402,6 +402,7 @@ function squid_validate_general($post, $input_errors) { if (!empty($icp_port) && !is_port($icp_port)) $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field'; + if (substr($post['log_dir'], -1, 1) == '/') $input_errors[] = 'You may not end log location with an / mark'; @@ -594,9 +595,8 @@ function squid_validate_reverse($post, $input_errors) { if(!empty($post['reverse_ip'])) { $reverse_ip = explode(";", ($post['reverse_ip'])); foreach ($reverse_ip as $reip) { - if (!is_ipaddr($reip)) - $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'; - break; + if (!is_ipaddr(trim($reip))) + $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.'; }} $fqdn = trim($post['reverse_external_fqdn']); @@ -618,15 +618,12 @@ function squid_validate_reverse($post, $input_errors) { $input_errors[] = "You have to enable reverse HTTPS before enabling OWA support."; } -/* - if (!is_cert($post['reverse_int_ca'])) - $input_errors[] = 'A valid certificate for the external interface must be selected'; -*/ - - $rowa = trim($post['reverse_owa_ip']); - if (!empty($rowa) && !is_ipaddr($rowa)) - $input_errors[] = 'The field \'OWA frontend IP address\' must contain a valid IP address'; - + if(!empty($post['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($post['reverse_owa_ip'])); + foreach ($reverse_owa_ip as $reowaip) { + if (!is_ipaddr(trim($reowaip))) + $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.'; + }} $contents = $post['reverse_cache_peer']; if(!empty($contents)) { diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 4ac7fe82..418220c3 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -100,8 +100,17 @@ function squid_resync_reverse() { //PEERS if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) - $conf .= "cache_peer {$settings['reverse_owa_ip']} parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs\n"; + + if(!empty($settings['reverse_owa_ip'])) { + $reverse_owa_ip = explode(";", ($settings['reverse_owa_ip'])); + $casnr = 0; + foreach ($reverse_owa_ip as $reowaip) { + $casnr++; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + } + } + $active_peers=array(); if (is_array($reverse_peers)) foreach ($reverse_peers as $rp){ @@ -211,8 +220,13 @@ function squid_resync_reverse() { //ACCESS if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") { - $conf .= "cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_pfs deny allsrc\n"; + + for($cascnt=1;$cascnt<$casnr+1;$cascnt++) + { + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + } + $conf .= "never_direct allow OWA_URI_pfs\n"; $conf .= "http_access allow OWA_URI_pfs\n"; } diff --git a/config/squid3/31/squid_reverse.xml b/config/squid3/31/squid_reverse.xml index 28d8cbcf..b0f6a614 100644 --- a/config/squid3/31/squid_reverse.xml +++ b/config/squid3/31/squid_reverse.xml @@ -219,9 +219,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync diff --git a/config/squid3/31/squid_reverse_general.xml b/config/squid3/31/squid_reverse_general.xml index 029072a6..9bff5d8e 100644 --- a/config/squid3/31/squid_reverse_general.xml +++ b/config/squid3/31/squid_reverse_general.xml @@ -207,9 +207,9 @@ CAS-Array / OWA frontend IP address reverse_owa_ip - This is the internal IP Address of the CAS-Array / OWA frontend server. + These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). input - 15 + 70 Enable ActiveSync diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 52f63d81..d86fb84a 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -939,7 +939,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.9 + 3.1.20 pkg 2.1.0 beta 2.2 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 8467fca2..a60fa0c2 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1233,7 +1233,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.9 + 3.1.20 pkg 2.1.0 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 1a0bac95..37560902 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1220,7 +1220,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 3.1.20 pkg 2.0.9 + 3.1.20 pkg 2.1.0 beta 2.0 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org -- cgit v1.2.3 From 15dd9887e6c3c4c2d78dddca38a6fda7f997ab88 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 13 Jun 2014 14:53:51 +0200 Subject: fixed reverse owa OWA does not work with round-robin --- config/squid3/31/squid_reverse.inc | 2 +- config/squid3/33/squid_reverse.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 418220c3..798fead0 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -106,7 +106,7 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; } } diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 69d461e4..c2463102 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -106,7 +106,7 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; } } -- cgit v1.2.3 From a1538e7d5450ca85fa2a2536086e0203b84beef6 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Tue, 17 Jun 2014 08:51:48 +0200 Subject: enable AutoDiscover HTTP --- config/squid3/31/squid_reverse.inc | 11 +++++++---- config/squid3/33/squid_reverse.inc | 10 +++++++--- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 798fead0..20e16739 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -106,8 +106,8 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; - + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASS name=OWA_HOST_80_{$casnr}_pfs\n"; } } @@ -193,6 +193,7 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; @@ -223,8 +224,10 @@ function squid_resync_reverse() { for($cascnt=1;$cascnt<$casnr+1;$cascnt++) { - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; } $conf .= "never_direct allow OWA_URI_pfs\n"; diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index c2463102..5226e819 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -106,7 +106,8 @@ function squid_resync_reverse() { $casnr = 0; foreach ($reverse_owa_ip as $reowaip) { $casnr++; - $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 443 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_443_{$casnr}_pfs\n"; + $conf .= "cache_peer {$reowaip} parent 80 0 proxy-only no-query originserver login=PASSTHRU connection-auth=on name=OWA_HOST_80_{$casnr}_pfs\n"; } } @@ -191,6 +192,7 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; @@ -221,8 +223,10 @@ function squid_resync_reverse() { for($cascnt=1;$cascnt<$casnr+1;$cascnt++) { - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs allow OWA_URI_pfs\n"; - $conf .= "cache_peer_access OWA_HOST_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n"; + $conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n"; + $conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs deny allsrc\n"; } $conf .= "never_direct allow OWA_URI_pfs\n"; -- cgit v1.2.3 From a579dfb326bb24443f0d7da0dbcde27a527cb9aa Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Tue, 17 Jun 2014 20:07:19 +0200 Subject: add autodiscover url for self-hosted domains as tested in microsoft-connectivity-analyzer --- config/squid3/31/squid_reverse.inc | 4 +++- config/squid3/33/squid_reverse.inc | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc index 20e16739..d2611c79 100644 --- a/config/squid3/31/squid_reverse.inc +++ b/config/squid3/31/squid_reverse.inc @@ -192,8 +192,10 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); - $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc index 5226e819..a6b81c0b 100755 --- a/config/squid3/33/squid_reverse.inc +++ b/config/squid3/33/squid_reverse.inc @@ -191,8 +191,10 @@ function squid_resync_reverse() { if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) { $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.'); - $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^http://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/AutoDiscover/AutoDiscover.xml\n"; $conf .= "acl OWA_URI_pfs url_regex -i ^http://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; + $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n"; } } //$conf .= "ssl_unclean_shutdown on"; -- cgit v1.2.3