RE: [squid-users] Problems with Active Sync over squid with basic auth. Any successful config for Active Sync and Outlook Anywhere on Exchange 2010 replacing an ISA server?

With using 3.1.18 now and login=PASS instead and added connection-auth=on, both in cache_peer, Active Sync can be used now.

cache_peer 192.168.100.24 parent 443 0 \
        ssl sslflags=DONT_VERIFY_PEER \
        sslcert=/etc/ssl/certs/webmail.domain.com.pem sslkey=/etc/ssl/certs/webmail.domain.com.pem \
        proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver \
        login=PASS connection-auth=on name=exchange forceddomain=webmail.domain.com

I'll reply again in a few days, if this configuration is stable...

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Thursday, January 19, 2012 11:13 AM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Problems with Active Sync over
> squid with basic auth. Any successful config for Active Sync
> and Outlook Anywhere on Exchange 2010 replacing an ISA server?
>
> 401 status means the header not being accepted is the
> "Authorization:"
> header.
>
> Connection is unchanged from what was passed to Squid, just
> re-positioned.
>
> Surrogate-Capability is a bit new yes, but HTTP requires ignoring
> unsupported headers. IIS would be incapable of performing
> regular HTTP
> traffic if it were that sensitive to unknown headers coming from
> clients. Weird stuff is the norm rather than the exception in HTTP.
>
>
> To debug further you can try opening a connection to IIS with
> telnet and
> send variations of those headers to it cut-n-paste style. Or use the
> squidclient tool to tailor the request particulars.
>
>
> Amos
>
>
Received on Thu Jan 19 2012 - 15:15:40 MST