With using 3.1.18 now and login=PASS instead and added connection-auth=on, both in cache_peer, Active Sync can be used now.
cache_peer 192.168.100.24 parent 443 0 \
ssl sslflags=DONT_VERIFY_PEER \
sslcert=/etc/ssl/certs/webmail.domain.com.pem sslkey=/etc/ssl/certs/webmail.domain.com.pem \
proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver \
login=PASS connection-auth=on name=exchange forceddomain=webmail.domain.com
I'll reply again in a few days, if this configuration is stable...
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Thursday, January 19, 2012 11:13 AM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Problems with Active Sync over
> squid with basic auth. Any successful config for Active Sync
> and Outlook Anywhere on Exchange 2010 replacing an ISA server?
>
> 401 status means the header not being accepted is the
> "Authorization:"
> header.
>
> Connection is unchanged from what was passed to Squid, just
> re-positioned.
>
> Surrogate-Capability is a bit new yes, but HTTP requires ignoring
> unsupported headers. IIS would be incapable of performing
> regular HTTP
> traffic if it were that sensitive to unknown headers coming from
> clients. Weird stuff is the norm rather than the exception in HTTP.
>
>
> To debug further you can try opening a connection to IIS with
> telnet and
> send variations of those headers to it cut-n-paste style. Or use the
> squidclient tool to tailor the request particulars.
>
>
> Amos
>
>
Received on Thu Jan 19 2012 - 15:15:40 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 20 2012 - 12:00:03 MST