Re: EXCHANGE - RPC over HTTPS not handled?


On 06/10/11 23:12, Nicola Bucci wrote:
Thanks for the quick reply. OWA works fine for me... RPC is the problem. Anyway, here is my squid.conf:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl EXCH dstdomain .gmde.it
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT


http_access allow SSL_ports

ssl_unclean_shutdown on

#Allow ICP queries from local networks only

icp_access allow all all

#http_port 3128

###LISTEN ON ###
https_port 443 cert=/etc/squid3/exchange.pem key=/etc/squid3/nopassexchange.key defaultsite=gmdeag3.gmde.it

###CACHE PEER###
#cache_peer 10.0.0.3 parent 443 0 no-query proxy-only connection-auth=on originserver front-end-https=on login=PASS  ssl sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key
#cache_peer 10.0.0.3 parent 443 0 no-query originserver login=PASS  ssl  sslcert=/etc/squid/exchange.pem sslkey=/etc/squid/nopassexchange.key
cache_peer 10.0.0.3 parent 443 0 connection-auth=off ssl sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver login=PASS name=exchangeServer


#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

access_log /var/log/squid3/access.log squid

cache_effective_user proxy
cache_effective_group root
never_direct allow all all
miss_access allow EXCH
miss_access deny all
cache_peer_access exchangeServer allow EXCH
cache_peer_access exchangeServer deny all
never_direct allow EXCH


and "squid3 -v":

configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-ssl' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/usr/src/squid3-3.1.6


Is there something wrong I'm doing?

Maybe. The more recent Squid versions require the mode to be configured explicitly after the port, or it defaults to forward-proxy.

  https_port 443 accel cert=...

I think that was done after .6 but it's worth doing anyway just to be ready.

Or simply squid doesn't handle RPC over HTTP with Exchange? My goal will be to use squid instead of other commercial products. Obviously :)
Thanks

On 6 Oct, 2011, at 12:06 PM, Jakob Curdes wrote:

On 06.10.2011 11:58, Nicola Bucci wrote:
Hi all,
I'm trying to publish Exchange web services on the web through squid 3.1 on Debian. From my Mac it works fine (Mail and Outlook for Mac, OWA is working fine too) but from Windows machines Outlook asks me every time for the authentication credentials. The reason is that on Mac it uses a normal web service (hos/EWS/exchange.asmx), but from Windows, Outlook uses RPC over HTTP (in my case HTTPS). Suggestions?
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess ?


Some other possibilities:
Some of the recent MS products (ActiveSync and AD 2010 being the most noticeable) don't handle talking through squid-3.1 very well due to its being HTTP/1.0 on the client-facing side and HTTP/1.1 on the server-facing side. They prefer same HTTP version facing both server and client across the link, so squid-3.2 is needed as the relay for reliable transactions. 3.2.0.8 seems to be the most production-usable so far of the 3.2 betas if you want to try it.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.12
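
An added example, not part of the thread or of Squid itself: a small lint for two settings visible in the posted squid.conf, an https_port with no explicit mode (the point raised in the reply) and a cache_peer whose sslflags turn off verification of the origin server's certificate. The function names, finding labels and the shortened sample lines are constructed for this illustration.

```python
import re

# Constructed sample: the port and peer lines from the posted squid.conf,
# shortened to the options these checks read.
SAMPLE_CONF = """\
#http_port 3128
https_port 443 cert=/etc/squid3/exchange.pem key=/etc/squid3/nopassexchange.key defaultsite=gmdeag3.gmde.it
#cache_peer 10.0.0.3 parent 443 0 no-query originserver login=PASS ssl
cache_peer 10.0.0.3 parent 443 0 ssl sslflags=DONT_VERIFY_PEER originserver login=PASS name=exchangeServer
"""

# Mode keywords that may follow the port number on http_port/https_port.
PORT_MODES = {"accel", "intercept", "transparent", "tproxy"}


def directives(text):
    """Yield (line_number, tokens) for each active directive, dropping comments."""
    for number, line in enumerate(text.splitlines(), start=1):
        tokens = []
        for token in line.split():
            if token.startswith("#"):      # rest of the line is a comment
                break
            tokens.append(token)
        if tokens:
            yield number, tokens


def option(args, key):
    """Return the value of a key=value option, or None when it is absent."""
    for arg in args:
        if arg.startswith(key + "="):
            return arg[len(key) + 1:]
    return None


def lint(text):
    """Return (line, directive, finding) tuples for the two checks."""
    findings = []
    for number, (name, *args) in directives(text):
        if name == "https_port" and not PORT_MODES.intersection(args):
            findings.append((number, name, "no-explicit-mode"))
        if name == "cache_peer" and "ssl" in args:
            flags = re.split(r"[:,]", option(args, "sslflags") or "")
            if "DONT_VERIFY_PEER" in flags:
                findings.append((number, name, "peer-cert-not-verified"))
    return findings


if __name__ == "__main__":
    for number, name, finding in lint(SAMPLE_CONF):
        print(f"line {number}: {name}: {finding}")
```

Commented-out directives are skipped, so the two disabled lines in the sample produce no findings.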

