Is anyone using squid successful as reverse proxy for Outlook Anywhere (RPC over https) and Active Sync for an Exchange 2010? Trying to use squid 3.2.0.13 to replace an ISA server forwarding RPC over https for Outlook Anywhere and Active Sync for Outlook mobile devices like Android and iPhone I had some success but problems with some Active Sync clients are still a show stopper. RPC over https works fine with that squid version. The problem is the very first http OPTIONS request for Active Sync which is using http Basic Authentication from an Android with TouchDown as client app. The cache.log shows the following request and response: Mobile sending: OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1 User-Agent: TouchDown(MSRPC)/7.1.00012/ TD-Info: com.nitrodesk.droid20.nitroid/7.1.00012/NON-PCF/ Connection: keep-alive X-MS-PolicyKey: 0 MS-ASProtocolVersion: 2.5 Authorization: Basic dGVxxxxxxxxxxxxxxxxxx== Content-Length: 0 Host: webmail.domain.com Squid sending to IIS (Basic dGV... ist the same as above): OPTIONS /Microsoft-Server-ActiveSync HTTP/1.1 User-Agent: TouchDown(MSRPC)/7.1.00012/ TD-Info: com.nitrodesk.droid20.nitroid/7.1.00012/NON-PCF/ X-MS-PolicyKey: 0 MS-ASProtocolVersion: 2.5 Authorization: Basic dGVxxxxxxxxxxxxxxxxxxx== Content-Length: 0 Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" Cache-Control: max-age=259200 Connection: keep-alive IIS responding: HTTP/1.1 401 Unauthorized Content-Type: text/html Server: Microsoft-IIS/7.5 WWW-Authenticate: Basic realm="webmail.domain.com" X-Powered-By: ASP.NET Date: Wed, 18 Jan 2012 14:38:32 GMT Content-Length: 1344 There the connection is closed by the client. Maybe the headers added by squid are not accepted by IIS? Is there any parameter to disable adding Surrogate-Capability, Cache-Control and Connection to the forwarded request? /opt/squid32/sbin/squid -v Squid Cache: Version 3.2.0.13 configure options: '--prefix=/opt/squid32' '--enable-ssl' squid.conf: cache_effective_user squidext cache_effective_group squidext pid_filename /var/run/squidext.pid acl srcall src all acl EXCH dstdomain webmail.domain.com ssl_unclean_shutdown on httpd_suppress_version_string on cache_mgr noemailaddress visible_hostname webmail.domain.com # Internet connector https_port 172.17.200.25:443 accel cert=/etc/ssl/certs/webmail.domain.com.pem \ key=/etc/ssl/certs/webmail.domain.com.pem defaultsite=webmail.domain.com # destination server (IIS for Exchange) cache_peer 192.168.100.24 parent 443 0 \ ssl sslflags=DONT_VERIFY_PEER \ sslcert=/etc/ssl/certs/webmail.domain.com.pem sslkey=/etc/ssl/certs/webmail.domain.com.pem \ proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver \ login=PASSTHRU name=exchange forceddomain=webmail.domain.com debug_options ALL,2 logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh access_log stdio:/var/log/squidext/access.log combined cache_log /var/log/squidext/cache.log never_direct allow EXCH http_access allow EXCH http_access deny srcall cache_peer_access exchange allow EXCH cache_peer_access exchange deny srcall via off forwarded_for transparent #eof