With using 3.1.18 now and login=PASS instead and added connection-auth=on, both in cache_peer, Active Sync can be used now. cache_peer 192.168.100.24 parent 443 0 \ ssl sslflags=DONT_VERIFY_PEER \ sslcert=/etc/ssl/certs/webmail.domain.com.pem sslkey=/etc/ssl/certs/webmail.domain.com.pem \ proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver \ login=PASS connection-auth=on name=exchange forceddomain=webmail.domain.com I'll reply again in a few days, if this configuration is stable... > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Thursday, January 19, 2012 11:13 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Problems with Active Sync over > squid with basic auth. Any successful config for Active Sync > and Outlook Anywhere on Exchange 2010 replacing an ISA server? > > 401 status means the header not being accepted is the > "Authorization:" > header. > > Connection is unchanged from what was passed to Squid, just > re-positioned. > > Surrogate-Capability is a bit new yes, but HTTP requires ignoring > unsupported headers. IIS would be incapable of performing > regular HTTP > traffic if it were that sensitive to unknown headers coming from > clients. Weird stuff is the norm rather than the exception in HTTP. > > > To debug further you can try opening a connection to IIS with > telnet and > send variations of those headers to it cut-n-paste style. Or use the > squidclient tool to tailor the request particulars. > > > Amos > >
