Garry wrote:
Amos Jeffries wrote:
Garry wrote:
Hi,
we have a problem with a (it would originally seem) rather simple
setup ...
A server is running 2.6.(20), multiple SSL certs take care of
incoming connections on different ports for multiple servers. Servers
are then referenced through a local redirect which replaces the
original names sent to Squid with the internal HTTP addresses and
ports. So far, everything works fine.
Anyway, the problem begins with the authentication. While the auth
works fine for anything like IE, Firefox, Opera and the likes on
regular PCs, authentication itself works when someone connects using
a mobile client (Windows Mobile), but as soon as not a get but a post
is issued accessing any forms on the IIS app, the user auth isn't
sent anymore, so all I get is the 401 ...
I think I've read something on the net sometime somewhere, where a
patch/change in the source would be required to correctly hand
through auth requests from that crappy IIS ... but after many google
searches, I just can't seem to find anything sufficient ...
Any help appreciated ...
Add "login=PASS" (exact text) to the cache_peer lines which redirect
traffic to IIS.
I do not have any active cache_peer lines ... could that be the problem?
Part of it yes. It's much better to make the primary web servers accept
their domain names (if they even need to care) and use cache_peer to do
the redirection with minimal alteration to the request.
That gets around a whole host of problems like this truncating of the
Auth headers, but also including port, and cookie re-writing, etc.
The only time you really need redirect in squid is when sub-directories
etc are being cut out or altered. That adds a whole set of problems by
itself.
Squid operates solely as reverse proxy/accelerator, with many lines like
these:
http_port some.ip.address:80 accel defaultsite=www.doma.in
https_port some.ip.address:443 cert=/etc/ssl/... key=/etc/ssl/... accel
defaultsite=www.doma.in
and:
url_rewrite_program /usr/bin/redirect.pl
with redirect.pl rebuilding the destination URLs ... (from e.g.
https://www.doma.in/... into http://192.168.99.11/ )
As mentioned, the current setup works fine unless you use that crappy
Win Mobile w/ Mobile IE (or whatever is on them things). I'm waiting for
answer on whether Opera would work ...
One more thing: Querying the http version will work with the same mobile
devices! Even though I see the same 401 messages, but followed with
correct queries ...
-gg
Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
