RE: [squid-users] Problems with Active Sync over squid with basic auth. Any successful config for Active Sync and Outlook Anywhere on Exchange 2010 replacing an ISA server?

From: Isenberg, Holger <isenberg_at_e-spirit.com>
Date: Thu, 19 Jan 2012 16:12:51 +0100

With using 3.1.18 now and login=PASS instead and added connection-auth=on, both in cache_peer, Active Sync can be used now.

cache_peer 192.168.100.24 parent 443 0 \
        ssl sslflags=DONT_VERIFY_PEER \
        sslcert=/etc/ssl/certs/webmail.domain.com.pem sslkey=/etc/ssl/certs/webmail.domain.com.pem \
        proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver \
        login=PASS connection-auth=on name=exchange forceddomain=webmail.domain.com

I'll reply again in a few days, if this configuration is stable...

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Thursday, January 19, 2012 11:13 AM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Problems with Active Sync over
> squid with basic auth. Any successful config for Active Sync
> and Outlook Anywhere on Exchange 2010 replacing an ISA server?
>
> 401 status means the header not being accepted is the
> "Authorization:"
> header.
>
> Connection is unchanged from what was passed to Squid, just
> re-positioned.
>
> Surrogate-Capability is a bit new yes, but HTTP requires ignoring
> unsupported headers. IIS would be incapable of performing
> regular HTTP
> traffic if it were that sensitive to unknown headers coming from
> clients. Weird stuff is the norm rather than the exception in HTTP.
>
>
> To debug further you can try opening a connection to IIS with
> telnet and
> send variations of those headers to it cut-n-paste style. Or use the
> squidclient tool to tailor the request particulars.
>
>
> Amos
>
>
Received on Thu Jan 19 2012 - 15:15:40 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 20 2012 - 12:00:03 MST