Do not put the Squid disk cache on a RAIDed volume, or on a RAIDed LUN on a SAN, unless it is just RAID 0.
Squid-Cache Wiki: FAQ (very good)
- Operating Squid: flush the whole cache, or one object, and other stuff.
- Proxy Authentication: important if you want users to seamlessly authenticate using NTLM (on a Windows domain) without typing in a pass
- Reverse Proxy: very good page about having several sites (virtual or otherwise) reverse proxied through the same Squid server. Also gives details on how Squid can pass authentication through.
- Squid Logs Guide
Using Squid to Reverse Proxy Outlook Web Access
Placing an Exchange server on the DMZ, or even port forwarding 443 only, is arguably a security hazard. Squid can be used as a reverse proxy in order to minimise the security risks. Once set up, Squid faces the internet instead of Exchange, and requests are relayed from Squid back to the Exchange server.
Due to failures of the OWA application this can be more than a little tricky, and a search for "Squid reverse proxy owa" (or other proxies, for that matter) will yield many results. OWA acts as if HTTP(S) were not a stateless protocol, which causes issues with passing the authentication through correctly for every component after logging on. In addition, public folders can never be reverse proxied without work to rewrite the links through Squid: the OWA application inserts direct links to the Exchange server in the HTML, so any attempt to access public folders will result in a direct connection with the Exchange server. Lastly, Host headers are not processed according to RFC standards, which will cause problems if anything runs on a non-standard port, on either the WAN or the LAN side.
Of all the configuration examples out there I recommend the one below:
Exchange needs to be configured to allow a Front-end server to handle the SSL: http://technet.microsoft.com/en-us/library/bb124604.aspx
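A squid.conf sketch of the setup this section describes, added here as an illustration; it is not the configuration the text above refers to. The hostname, IP address and certificate paths are placeholders, and the syntax assumes Squid 3.x accelerator mode.

```conf
# --- Added example: Squid as TLS-terminating reverse proxy for OWA ---
# Placeholders (assumptions): owa.example.com, 192.0.2.10, certificate paths.

# Internet-facing listener. Squid terminates TLS here, so Exchange is never
# directly reachable. Keep the standard port 443: OWA's Host-header handling
# breaks on non-standard ports.
https_port 443 accel cert=/etc/squid/owa.example.com.crt key=/etc/squid/owa.example.com.key defaultsite=owa.example.com

# Back-end Exchange server, reached over plain HTTP on the standard port 80.
#   originserver       - treat the peer as the origin web server, not a proxy
#   login=PASS         - relay the client's credentials to OWA unchanged
#   front-end-https=on - send "Front-End-Https: On" so OWA generates https://
#                        links; Exchange must be configured to accept a
#                        front-end server handling the SSL
cache_peer 192.0.2.10 parent 80 0 no-query originserver login=PASS front-end-https=on name=owaServer

# Only requests for the published OWA hostname are accepted.
acl OWA dstdomain owa.example.com

# Route matching requests to the Exchange peer and nowhere else.
cache_peer_access owaServer allow OWA
cache_peer_access owaServer deny all

# Never let Squid resolve the request itself and connect out directly.
never_direct allow OWA

# Default-deny: anything not addressed to the OWA hostname is refused, so the
# listener cannot be used as an open forward proxy.
http_access allow OWA
http_access deny all
miss_access allow OWA
miss_access deny all
```

After changing the file, `squid -k parse` checks the syntax before the running instance is reconfigured. Public folder links will still point at the Exchange server directly, as described above; this configuration does not rewrite them.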
Removing objects from the cache
squidclient -p 80 -m PURGE http://fullurl
Client has http_access but no http_reply_access