Hi at all I have a problem with authentication RPC over HTTPS with squid-2.7STABLE6-1 (rpm downloaded from squid-cache.org). I have squid server(version 2.5STABLE14-1 + owa patch) where RPC over HTTPS authetication works fine. With both version now problem via OWA. These are the log: access.log 10.223.0.71 - - [10/Aug/2009:11:03:56 +0200] "RPC_IN_DATA https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002 HTTP/1.1" 401 509 TCP_MISS:SOURCEHASH_PARENT 10.223.0.71 - - [10/Aug/2009:11:03:56 +0200] "RPC_OUT_DATA https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002 HTTP/1.1" 401 509 TCP_MISS:SOURCEHASH_PARENT cache.log(I insert just, for me, rilevant) 2009/08/10 11:03:52| httpAppendBody: Request not yet fully sent "RPC_IN_DATA https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002"; 2009/08/10 11:03:52| fwdComplete: https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002 2009/08/10 11:03:52| fwdReforward: https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002? 2009/08/10 11:03:52| fwdReforward: No, ENTRY_FWD_HDR_WAIT isn't set 2009/08/10 11:03:52| fwdComplete: not re-forwarding status 401 and useful(?) exchange log: 2009-08-10 09:00:07 W3SVC1 MI1EXPROM1 10.223.247.61 GET /exchweb/bin/auth/owalogon.asp url=https://webmail.XXXxxxxx.it/exchange/&reason=0 443 - 192.168.21.245 HTTP/1.1 libwww-perl/5.823 - - webmail.XXXxxxxx.it 200 0 0 9070 205 0 2009-08-10 09:00:38 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_OUT_DATA /rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0 MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 451 46 2009-08-10 09:00:38 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_IN_DATA /rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0 MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 448 124 2009-08-10 09:02:08 W3SVC1 MI1EXPROM1 10.223.247.61 GET /exchweb/bin/auth/owalogon.asp url=https://webmail.XXXxxxxx.it/exchange/&reason=0 443 - 192.168.21.245 HTTP/1.1 libwww-perl/5.823 - - webmail.XXXxxxxx.it 200 0 0 9070 205 15 2009-08-10 09:03:52 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_IN_DATA /rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0 MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 344 0 2009-08-10 09:03:52 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_OUT_DATA /rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0 MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 451 0 2009-08-10 09:03:56 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_IN_DATA /rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0 MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 344 0 2009-08-10 09:03:56 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_OUT_DATA /rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0 MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 451 0 2009-08-10 09:04:07 W3SVC1 MI1EXPROM1 10.223.247.61 GET /exchweb/bin/auth/owalogon.asp url=https://webmail.XXXxxxxx.it/exchange/&reason=0 443 - 192.168.21.245 HTTP/1.1 libwww-perl/5.823 - - webmail.XXXxxxxx.it 200 0 0 9070 205 0 Below the configuration: squid 2.5STABLE14-1 + owa patch http_port 80 extension_methods RPC_IN_DATA RPC_OUT_DATA https_port 10.223.243.26:443 cert=/etc/squid/cert/wm.XXXxxxxx.it.cert key=/etc/squid/cert/wm.XXXxxxxx.it.private.key cafile=/etc/squid/cert/cafile.cert ssl_unclean_shutdown on cache_peer mail.XXXxxxxx.it parent 443 0 ssl sslcert=/etc/squid/cert/mi1exprom1.cert sslflags=DONT_VERIFY_PEER proxy-only no-query no-digest front-end-https=on hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY emulate_httpd_log on log_ip_on_direct on debug_options ALL,1,83,2 hosts_file /etc/hosts redirect_rewrites_host_header on refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 shutdown_lifetime 0 seconds acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl xxxxx src 192.168.55.0/24 acl easy_bb src xxx.xxx.64.0/19 acl easy_bb src xxx.xxx.224.0/19 acl easy_bb src xxx.xxx.16.0/20 acl easy_bb src xxx.xxx.81.0/24 acl easy_bb src xxx.xxx.87.0/24 acl easy_bb src xxx.xxx.26.0/24 acl easy_bb src xxx.xxx.144.0/20 acl easy_bb src xxx.xxx.240.0/20 acl destination dst 10.223.243.24/32 acl access_mail urlpath_regex -i "/etc/squid/users/access_mail.txt" acl access_url url_regex -i "/etc/squid/url_valid.txt" acl acl_pfa dstdomain webmail.XXXxxxxx.it http_access deny easy_bb http_access allow xxxxx http_access allow access_mail http_access allow access_url http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all cache_peer_access mail.XXXxxxxx.it allow acl_pfa cache_peer_access mail.XXXxxxxx.it deny all tcp_outgoing_address 10.223.247.203 xxxxx tcp_outgoing_address 10.223.247.201 cache_mgr net@xxxxxxxx cache_effective_user squid cache_effective_group squid visible_hostname webmail.XXXxxxxx.it httpd_accel_host virtual httpd_accel_port 443 httpd_accel_single_host on httpd_accel_with_proxy off httpd_accel_uses_host_header on err_html_text . deny_info ERR_xxxxxXXX all deny_info ERR_xxxxxXXX access_mail never_direct allow all strip_query_terms off coredump_dir /var/spool/squid max_filedesc 4096 Configuratio squid.conf-2.7STABLE6-1 acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY acl xxxxx src 192.168.55.0/24 acl xxxxx src 10.221.121.0/24 acl easy_bb src xxx.xxx.64.0/19 acl easy_bb src xxx.xxx.224.0/19 acl easy_bb src xxx.xxx.16.0/20 acl easy_bb src xxx.xxx.81.0/24 acl easy_bb src xxx.xxx.87.0/24 acl easy_bb src xxx.xxx.26.0/24 acl easy_bb src xxx.xxx.144.0/20 acl easy_bb src xxx.xxx.240.0/20 acl access_mail urlpath_regex -i "/etc/squid/users/access_mail.txt" acl access_url url_regex -i "/etc/squid/url_valid.txt" acl acl_pfa dstdomain webmail.XXXxxxxx.it http_access deny easy_bb http_access allow xxxxx http_access allow access_mail http_access allow access_url http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all ssl_unclean_shutdown on http_port 80 accel vhost https_port 10.223.247.201:443 accel vhost cert=/etc/squid/cert/wm.XXXxxxxx.it.cert key=/etc/squid/cert/wm.XXXxxxxx.it.private.key cafile=/etc/squid/cert/cafile.cert cache_peer mi1exprom1.nf.xxxxxXXX.it parent 443 0 ssl sslcert=/etc/squid/cert/mi1exprom1.cert sslflags=DONT_VERIFY_PEER proxy-only no-query no-digest front-end-https=auto sourcehash round-robin originserver name=MI11 cache_peer_access MI11 allow acl_pfa cache_peer_access MI11 deny all hierarchy_stoplist cgi-bin ? logformat combined2 %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs % _________________________________________________________________ Show them the way! Add maps and directions to your party invites. http://www.microsoft.com/windows/windowslive/products/events.aspx
