On Thu, 17 Mar 2005 00:59:44 -0500, Martin Burke <itsmarty@xxxxxxxxx> wrote: > I have 3.0-PRE3 running now, but the OWA login prompt doesn't accept > my credentials. The entry in the access log is: > > "GET https://testmail.ncmec.org/exchange/ HTTP/1.1" 401 405 > TCP_MISS:FIRST_UP_PARENT > > My connections using 2.5 always showed http rather than https, if > that's relevant. > > The setup is reverse-proxy listening on 443 and talking to OWA on 80. > Is the connection now ssl on both sides (from the client to the reverse proxy and then from the reverse proxy to the webserver)? If so, can I use 443 on both, or do I need to set up the webserver to accept ssl on 80? > My config file is as follows: > > visible_hostname testmail.ncmec.org > https_port 443 defaultsite=testmail.ncmec.org > cert=/etc/squid/webmail.crt key=/etc/squid/webmail.key > > cache_peer 172.25.4.51 parent 80 0 no-query originserver front-end-https=auto The other suggestions I've seen for a config file for this arrangement are: proxy-only login=PASS never_direct allow all header_access Accept-Encoding deny all I've added them one by one, and since putting in login=PASS, I get past the login prompt but am back to the old situation of seeing two frames with no data. My cache_peer line now looks as follows: cache_peer 172.25.4.51 parent 80 0 no-query proxy-only originserver front-end-https=auto login=PASS > > hosts_file /etc/squid/hosts > > http_port 127.0.0.1:8080 > > acl acl_testmail dstdomain testmail.ncmec.org > http_access allow acl_testmail > > acl to_index urlpath_regex /$ > acl to_favicon urlpath_regex /favicon.ico$ acl to_exchange > urlpath_regex /exchange http_access allow to_index http_access allow > to_favicon http_access allow to_exchange > > acl all src 0.0.0.0/0.0.0.0 > http_access deny all > > Thanks for any assistance provided, > > Martin Burke > National Center for Missing & Exploited Children > 699 Prince St > Alexandria, VA 22314 >
