Hello list,

(sent on behalf of B Constant)

I'm currently trying to reverse proxy an OWA from Exchange 2003 with the CVS snapshot 20060628 without success. The idea is to perform SSL offloading on the squid for traffic coming from the Internet and send the traffic back to the Exchange front-end. It is basically:

    client <--HTTPS--> Squid <--HTTP--> Exchange FE

Here are some details on my environment.

Squid version and compile options:

    ./squid -v
    Squid Cache: Version 2.6.RC2-20060628
    configure options: '--prefix=/usr/local/squid' '--with-pthreads' '--enable-ssl' '--enable-useragent-log' '--enable-referer-log' '--enable-ident-lookups' '--enable-cachemgr-hostname=localhost' '--disable-dependency-tracking' '--enable-truncate' '--enable-underscores'

/etc/hosts file on my Linux box:

    10.2.1.5 exchange-fe.local.mysite exchange-frontend
    10.2.1.5 exchange-fe.local.mysite.

exchange-fe.local.mysite is resolvable from squid box.

Squid configuration file:

    https_port 10.1.1.2:443 defaultsite=exchange.mysite \
        cert=/usr/local/squid/etc/exchange.mysite.crt \
        key=/usr/local/squid/etc/exchange.mysite.key protocol=http
    cache_peer exchange-fe.local.mysite parent 80 0 front-end-https=on \
        originserver proxy-only connection-auth=off
    cache_peer_access exchange-fe.local.mysite allow all
    http_access allow all

The shell command './squid -k parse' doesn't report any error or misconfiguration.

Now the problem is that I'm unable to authenticate to the Exchange front-end; I always get a 401 until the authentication fails completely. The Exchange front-end is configured with anonymous access and basic authentication and I can see the request in the logs of the web server.
If I sniff the session on the server running squid and using tethereal, I can see the following traffic:

Traffic from client to Squid server:

    /usr/sbin/tethereal host 10.1.1.2 and port 80 -d tcp.port==80,http
    Capturing on eth0
    0.000000 10.1.1.1 -> 10.1.1.2 TCP 3178 > http [SYN] Seq=0 Len=0 MSS=1460
    0.001328 10.1.1.2 -> 10.1.1.1 TCP http > 3178 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
    0.000310 10.1.1.1 -> 10.1.1.2 TCP 3178 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
    0.001366 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
    0.001407 10.1.1.2 -> 10.1.1.1 TCP http > 3178 [ACK] Seq=1 Ack=428 Win=6432 Len=0
    0.001827 10.1.1.2 -> 57.230.248.96 TCP 32849 > http [SYN] Seq=0 Len=0 MSS=1460 TSV=175445106 TSER=0 WS=2
    0.003363 57.230.248.96 -> 10.1.1.2 TCP http > 32849 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
    0.003397 10.1.1.2 -> 57.230.248.96 TCP 32849 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=175445108 TSER=0
    0.003604 10.1.1.2 -> 57.230.248.96 HTTP GET /exchange HTTP/1.0
    0.009619 57.230.248.96 -> 10.1.1.2 HTTP HTTP/1.1 401 Unauthorized (text/html)
    0.009640 10.1.1.2 -> 57.230.248.96 TCP 32849 > http [ACK] Seq=544 Ack=330 Win=6912 Len=0 TSV=175445114 TSER=77610845
    0.009963 10.1.1.2 -> 10.1.1.1 HTTP HTTP/1.0 401 Unauthorized (text/html)
    0.010196 10.1.1.2 -> 10.1.1.1 TCP http > 3178 [FIN, ACK] Seq=447 Ack=428 Win=6432 Len=0
    0.010575 10.1.1.1 -> 10.1.1.2 TCP 3178 > http [ACK] Seq=428 Ack=448 Win=65089 Len=0
    0.010614 10.1.1.1 -> 10.1.1.2 TCP 3178 > http [FIN, ACK] Seq=428 Ack=448 Win=65089 Len=0
    0.010630 10.1.1.2 -> 10.1.1.1 TCP http > 3178 [ACK] Seq=448 Ack=429 Win=6432 Len=0
    5.358676 10.1.1.1 -> 10.1.1.2 TCP 3179 > http [SYN] Seq=0 Len=0 MSS=1460
    5.358708 10.1.1.2 -> 10.1.1.1 TCP http > 3179 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
    5.359039 10.1.1.1 -> 10.1.1.2 TCP 3179 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
    5.359214 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
    5.359235 10.1.1.2 -> 10.1.1.1 TCP http > 3179 [ACK] Seq=1 Ack=479 Win=6432 Len=0
    5.359543 10.1.1.2 -> 57.230.248.96 HTTP GET /exchange HTTP/1.0
    5.361375 57.230.248.96 -> 10.1.1.2 HTTP HTTP/1.1 401 Unauthorized (text/html)
    5.361393 10.1.1.2 -> 57.230.248.96 TCP 32849 > http [ACK] Seq=1087 Ack=659 Win=7984 Len=0 TSV=175450466 TSER=77610899
    5.361721 10.1.1.2 -> 10.1.1.1 HTTP HTTP/1.0 401 Unauthorized (text/html)
    5.361984 10.1.1.2 -> 10.1.1.1 TCP http > 3179 [FIN, ACK] Seq=447 Ack=479 Win=6432 Len=0
    5.362381 10.1.1.1 -> 10.1.1.2 TCP 3179 > http [ACK] Seq=479 Ack=448 Win=65089 Len=0
    10.189259 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
    10.189289 10.1.1.2 -> 10.1.1.1 TCP http > 3179 [RST] Seq=448 Len=0
    10.189837 10.1.1.1 -> 10.1.1.2 TCP 3180 > http [SYN] Seq=0 Len=0 MSS=1460
    10.189865 10.1.1.2 -> 10.1.1.1 TCP http > 3180 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
    10.190213 10.1.1.1 -> 10.1.1.2 TCP 3180 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
    10.190890 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
    10.190917 10.1.1.2 -> 10.1.1.1 TCP http > 3180 [ACK] Seq=1 Ack=479 Win=6432 Len=0
    10.191282 10.1.1.2 -> 57.230.248.96 HTTP GET /exchange HTTP/1.0
    10.192348 57.230.248.96 -> 10.1.1.2 HTTP HTTP/1.1 401 Unauthorized (text/html)
    10.192367 10.1.1.2 -> 57.230.248.96 TCP 32849 > http [ACK] Seq=1630 Ack=988 Win=9056 Len=0 TSV=175455298 TSER=77610947
    10.192688 10.1.1.2 -> 10.1.1.1 HTTP HTTP/1.0 401 Unauthorized (text/html)
    10.192937 10.1.1.2 -> 10.1.1.1 TCP http > 3180 [FIN, ACK] Seq=447 Ack=479 Win=6432 Len=0
    10.193208 10.1.1.1 -> 10.1.1.2 TCP 3180 > http [ACK] Seq=479 Ack=448 Win=65089 Len=0

Traffic from Squid server to Exchange FE:

    /usr/sbin/tethereal host 10.2.1.5 -d tcp.port==80,http
    Capturing on eth0
    0.000000 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [SYN] Seq=0 Len=0 MSS=1460 TSV=175445106 TSER=0 WS=2
    0.001536 10.2.1.5 -> 10.1.1.2 TCP http > 32849 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
    0.001570 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=175445108 TSER=0
    0.001777 10.1.1.2 -> 10.2.1.5 HTTP GET /exchange HTTP/1.0
    0.007792 10.2.1.5 -> 10.1.1.2 HTTP HTTP/1.1 401 Unauthorized (text/html)
    0.007813 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=544 Ack=330 Win=6912 Len=0 TSV=175445114 TSER=77610845
    5.357716 10.1.1.2 -> 10.2.1.5 HTTP GET /exchange HTTP/1.0
    5.359548 10.2.1.5 -> 10.1.1.2 HTTP HTTP/1.1 401 Unauthorized (text/html)
    5.359566 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=1087 Ack=659 Win=7984 Len=0 TSV=175450466 TSER=77610899
    10.189455 10.1.1.2 -> 10.2.1.5 HTTP GET /exchange HTTP/1.0
    10.190521 10.2.1.5 -> 10.1.1.2 HTTP HTTP/1.1 401 Unauthorized (text/html)
    10.190540 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=1630 Ack=988 Win=9056 Len=0 TSV=175455298 TSER=77610947

I made the same tests using MSIE or Mozilla Firefox and it seems the credentials are not passed to Squid nor to the Exchange FE.

Another question, maybe off topic, but is Squid able to do reverse proxying for multiple URLs using different backends (peer cache)? How is the link between the https_port and the cache_peer done in this case? Using cache_peer_domain?

Thank you for your help!

Regards,
Benjamin Constant
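
Added example (not part of the original post, and not Squid code): the relative Seq/Ack numbers in the two captures above give the byte size of each GET, which shows whether the client's retried request changed and whether the request Squid forwarded changed with it. The function names are hypothetical; the sample lines are an excerpt of the post's own capture with the 401 responses left out.

```python
import re

# Excerpt of the tethereal lines quoted in the post (relative Seq/Ack numbers).
CLIENT_SIDE = """\
0.001366 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
0.001407 10.1.1.2 -> 10.1.1.1 TCP http > 3178 [ACK] Seq=1 Ack=428 Win=6432 Len=0
5.359214 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
5.359235 10.1.1.2 -> 10.1.1.1 TCP http > 3179 [ACK] Seq=1 Ack=479 Win=6432 Len=0
10.190890 10.1.1.1 -> 10.1.1.2 HTTP GET /exchange HTTP/1.1
10.190917 10.1.1.2 -> 10.1.1.1 TCP http > 3180 [ACK] Seq=1 Ack=479 Win=6432 Len=0
"""
UPSTREAM_SIDE = """\
0.001777 10.1.1.2 -> 10.2.1.5 HTTP GET /exchange HTTP/1.0
0.007813 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=544 Ack=330 Win=6912 Len=0
5.357716 10.1.1.2 -> 10.2.1.5 HTTP GET /exchange HTTP/1.0
5.359566 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=1087 Ack=659 Win=7984 Len=0
10.189455 10.1.1.2 -> 10.2.1.5 HTTP GET /exchange HTTP/1.0
10.190540 10.1.1.2 -> 10.2.1.5 TCP 32849 > http [ACK] Seq=1630 Ack=988 Win=9056 Len=0
"""

GET = re.compile(r"^\S+ (\S+) -> (\S+) HTTP GET ")
TCP = re.compile(r"^\S+ (\S+) -> (\S+) TCP (\S+) > (\S+) \[[^\]]*\] Seq=(\d+)(?: Ack=(\d+))?")

def request_sizes(capture):
    """Size in bytes of each GET, taken from the next Seq/Ack seen between the same hosts."""
    sent, pending, sizes = {}, None, []   # sent: bytes already counted per connection
    for line in capture.splitlines():
        get, tcp = GET.match(line), TCP.match(line)
        if get:
            pending = get.groups()                    # (requester, server)
        elif tcp and pending:
            src, dst, sport, dport, seq, ack = tcp.groups()
            if (src, dst) == pending:                 # requester's own sequence number
                total, port = int(seq) - 1, sport
            elif (dst, src) == pending and ack:       # server acknowledging the request
                total, port = int(ack) - 1, dport
            else:
                continue
            sizes.append(total - sent.get(pending + (port,), 0))
            sent[pending + (port,)] = total
            pending = None
    return sizes

def retry_not_forwarded(client_capture, upstream_capture):
    """True when the client's request grew on retry but every forwarded request is the same size."""
    client, upstream = request_sizes(client_capture), request_sizes(upstream_capture)
    return max(client) > client[0] and len(set(upstream)) == 1

if __name__ == "__main__":
    print(request_sizes(CLIENT_SIDE), request_sizes(UPSTREAM_SIDE))
```

On the post's data this gives 427, 478 and 478 bytes from the client and 543 bytes for every forwarded request, which is consistent with the browser adding a header on retry that Squid does not relay. Squid's cache_peer option login=PASS is the setting that passes the client's Authorization header through to an origin server.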