On Tue, Oct 27, 2020 at 09:30:16PM +0200, Eliezer Croitor wrote: > Hey Scott, > > Can you attach any example cookie with and without the secure value? > (replace sensitive data) > > Thanks, > Eliezer > > ---- > Eliezer Croitoru > Tech Support > Mobile: +972-5-28704261 > Email: ngtech1ltd@xxxxxxxxx > > -----Original Message----- > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Scott > Sent: Tuesday, October 27, 2020 11:24 AM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Reverse proxying Exchange OWA wembail with SSL offloading - not working on IE/Chrome > > Hi, > > I've been trying to track down why, when reverse proxying Microsoft Exchange OWA (Outlook Web Access), recent versions of IE and Chrome don't get past the logon page. Upon entering a username and password the browser just goes back to the login page with no error displayed. Firefox works fine. > > It seems to be something to do with SSL offloading (when the cache peer is HTTP/80). Without SSL offloading (cache peer is HTTPS/443) everything works as expected. > > I did some debugging and noticed that the cookie sent from the server when SSL offloading is ON (squid <-> OWA is HTTP) is missing the "secure" > attribute, whereas it is present when the data is HTTPS. > > This makes perfect sense, and I'm wondering if that's the reason why some of the browsers are not working. > > Given that the browser <-> Squid traffic is HTTPS, is there a way to get squid to add the "secure" attribute to cookies? At least for testing it clarify what's going on. > > Thanks, > Scott > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > Here are the logs (first not working, followed by working). Note this is the login attempt, not the loading of the initial page. You'll see in the NOT WORKING section that the browser does NOT return a cookie to the server, which is where the problem may be. Again, I'm not sure why - I'm thinking perhaps the browser/javascript is rejecting the cookie as it's missing the "secure" attribute (because the back-end is talking plain HTTP). As mentioned above Firefox has no issue with this. I've fired up an iCAP server but need to brush up on my Python before I can test what happens if I add the "secure" attribute. My cache peers are: cache_peer exchange.domain.com parent 80 0 proxy-only no-query no-digest front-end-https originserver login=PASSTHRU connection-auth=on connect-timeout=3600 name=peer_exchange_80 cache_peer exchange.domain.com parent 443 0 proxy-only no-query no-digest front-end-https originserver login=PASSTHRU connection-auth=on connect-timeout=3600 ssl sslflags=DONT_VERIFY_PEER name=peer_exchange_443 Logs: NOT WORKING --------- 2020/10/28 14:56:12.614 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.614 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST: --------- POST /owa/auth.owa HTTP/1.1 Host: webmail.domain.com Connection: keep-alive Content-Length: 140 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: https://webmail.domain.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 ---------- 2020/10/28 14:56:12.627 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.628 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST: --------- POST /owa/auth.owa HTTP/1.1 Content-Length: 140 Upgrade-Insecure-Requests: 1 Origin: https://webmail.domain.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" X-Forwarded-For: client-browser Cache-Control: max-age=0 Connection: keep-alive Front-End-Https: On ---------- 2020/10/28 14:56:12.748 kid1| ctx: enter level 0: 'https://webmail.domain.com/owa/auth.owa' 2020/10/28 14:56:12.748 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.748 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE: --------- HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://webmail.domain.com/owa Server: Microsoft-IIS/8.5 request-id: 85e28b7c-5a4c-4e89-a740-116359551a19 X-AspNet-Version: 4.0.30319 Set-Cookie: cadata=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataKey=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataIV=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataSig=<data>; path=/;SameSite=None; HttpOnly X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 151 ---------- 2020/10/28 14:56:12.748 kid1| ctx: exit level 0 2020/10/28 14:56:12.748 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.748 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://webmail.domain.com/owa Server: Microsoft-IIS/8.5 request-id: 85e28b7c-5a4c-4e89-a740-116359551a19 X-AspNet-Version: 4.0.30319 Set-Cookie: cadata=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataKey=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataIV=<data>; path=/;SameSite=None; HttpOnly Set-Cookie: cadataSig=<data>; path=/;SameSite=None; HttpOnly X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 151 X-Cache: MISS from webmail.domain.com X-Cache-Lookup: MISS from webmail.domain.com:443 Connection: keep-alive ---------- 2020/10/28 14:56:12.838 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.838 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST: --------- GET /owa HTTP/1.1 Host: webmail.domain.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 ---------- 2020/10/28 14:56:12.838 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.838 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST: --------- GET /owa HTTP/1.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" X-Forwarded-For: client-browser Cache-Control: max-age=0 Connection: keep-alive Front-End-Https: On ---------- 2020/10/28 14:56:12.847 kid1| ctx: enter level 0: 'https://webmail.domain.com/owa' 2020/10/28 14:56:12.847 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.847 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE: --------- HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Location: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 Server: Microsoft-IIS/8.5 request-id: 8c3318c8-2eee-40bf-bfe0-dd94b20a5197 X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 227 ---------- 2020/10/28 14:56:12.848 kid1| ctx: exit level 0 2020/10/28 14:56:12.848 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.848 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Location: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 Server: Microsoft-IIS/8.5 request-id: 8c3318c8-2eee-40bf-bfe0-dd94b20a5197 X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 227 X-Cache: MISS from webmail.domain.com X-Cache-Lookup: MISS from webmail.domain.com:443 Connection: keep-alive ---------- 2020/10/28 14:56:12.861 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.861 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST: --------- GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 HTTP/1.1 Host: webmail.domain.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 ---------- 2020/10/28 14:56:12.862 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.862 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST: --------- GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 HTTP/1.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" X-Forwarded-For: client-browser Cache-Control: max-age=0 Connection: keep-alive Front-End-Https: On ---------- 2020/10/28 14:56:12.873 kid1| ctx: enter level 0: 'https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0' 2020/10/28 14:56:12.873 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.874 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE: --------- HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 request-id: 076d002d-4d66-4bc7-93d2-0109bbb67892 X-Frame-Options: SAMEORIGIN X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 27968 ---------- 2020/10/28 14:56:12.874 kid1| ctx: exit level 0 2020/10/28 14:56:12.874 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.874 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 request-id: 076d002d-4d66-4bc7-93d2-0109bbb67892 X-Frame-Options: SAMEORIGIN X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 27968 X-Cache: MISS from webmail.domain.com X-Cache-Lookup: MISS from webmail.domain.com:443 Connection: keep-alive ---------- 2020/10/28 14:56:12.943 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.943 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST: --------- GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa HTTP/1.1 Host: webmail.domain.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 ---------- 2020/10/28 14:56:12.944 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.944 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST: --------- GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa HTTP/1.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0 Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" X-Forwarded-For: client-browser Cache-Control: max-age=259200 Connection: keep-alive Front-End-Https: On ---------- 2020/10/28 14:56:12.955 kid1| ctx: enter level 0: 'https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa' 2020/10/28 14:56:12.955 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1 2020/10/28 14:56:12.955 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE: --------- HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 request-id: 5b1807dd-0007-4d1e-8f5c-c6daf4d9dfa8 X-Frame-Options: SAMEORIGIN X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 58778 ---------- 2020/10/28 14:56:12.955 kid1| ctx: exit level 0 2020/10/28 14:56:12.956 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1 2020/10/28 14:56:12.956 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 request-id: 5b1807dd-0007-4d1e-8f5c-c6daf4d9dfa8 X-Frame-Options: SAMEORIGIN X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Wed, 28 Oct 2020 03:56:17 GMT Content-Length: 58778 X-Cache: MISS from webmail.domain.com X-Cache-Lookup: MISS from webmail.domain.com:443 Connection: keep-alive WORKING ---------- 2020/10/28 12:01:23.527 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1 2020/10/28 12:01:23.527 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST: --------- POST /owa/auth.owa HTTP/1.1 Host: webmail.domain.com Connection: keep-alive Content-Length: 143 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: https://webmail.domain.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0 ---------- 2020/10/28 12:01:23.549 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1 2020/10/28 12:01:23.549 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST: --------- POST /owa/auth.owa HTTP/1.1 Content-Length: 143 Upgrade-Insecure-Requests: 1 Origin: https://webmail.domain.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0 Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" X-Forwarded-For: client-browser Cache-Control: max-age=0 Connection: keep-alive Front-End-Https: On ---------- 2020/10/28 12:01:23.649 kid1| ctx: enter level 0: 'https://webmail.domain.com/owa/auth.owa' 2020/10/28 12:01:23.649 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1 2020/10/28 12:01:23.650 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE: --------- HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://webmail.domain.com/owa/ Server: Microsoft-IIS/8.5 request-id: 320cfc6b-e678-480e-8fa9-87126ee679d4 X-AspNet-Version: 4.0.30319 Set-Cookie: cadata=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataKey=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataIV=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataSig=<data>; path=/;SameSite=None; secure; HttpOnly X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 01:01:28 GMT Content-Length: 152 ---------- 2020/10/28 12:01:23.651 kid1| ctx: exit level 0 2020/10/28 12:01:23.651 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1 2020/10/28 12:01:23.651 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://webmail.domain.com/owa/ Server: Microsoft-IIS/8.5 request-id: 320cfc6b-e678-480e-8fa9-87126ee679d4 X-AspNet-Version: 4.0.30319 Set-Cookie: cadata=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataKey=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataIV=<data>; path=/;SameSite=None; secure; HttpOnly Set-Cookie: cadataSig=<data>; path=/;SameSite=None; secure; HttpOnly X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 01:01:28 GMT Content-Length: 152 X-Cache: MISS from webmail.domain.com X-Cache-Lookup: MISS from webmail.domain.com:443 Connection: keep-alive ---------- 2020/10/28 12:01:23.750 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1 2020/10/28 12:01:23.750 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST: --------- GET /owa/ HTTP/1.1 Host: webmail.domain.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0; cadata=<data>; cadataTTL=<data>; cadataKey=<data>; cadataIV=<data>; cadataSig=<data> ---------- 2020/10/28 12:01:23.751 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1 2020/10/28 12:01:23.751 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST: --------- GET /owa/ HTTP/1.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0; cadata=<data>; cadataTTL=<data>; cadataKey=<data>; cadataIV=<data>; cadataSig=<data> Host: webmail.domain.com Surrogate-Capability: webmail.domain.com="Surrogate/1.0" X-Forwarded-For: client-browser Cache-Control: max-age=0 Connection: keep-alive Front-End-Https: On ---------- 2020/10/28 12:01:23.896 kid1| ctx: enter level 0: 'https://webmail.domain.com/owa/' 2020/10/28 12:01:23.896 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1 2020/10/28 12:01:23.896 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE: --------- HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 request-id: ea651da4-e232-4990-995e-72e015c573fb X-CalculatedBETarget: exchange.domain.com X-Content-Type-Options: nosniff X-OWA-Version: 15.1.1979.3 X-OWA-OWSVersion: V2017_08_18 X-OWA-MinimumSupportedOWSVersion: V2_6 X-Frame-Options: SAMEORIGIN X-OWA-DiagnosticsInfo: 46;15;7 X-BackEnd-Begin: 2020-10-28T12:01:28.905 X-BackEnd-End: 2020-10-28T12:01:28.952 X-DiagInfo: exchange X-BEServer: exchange X-UA-Compatible: IE=EmulateIE7 X-AspNet-Version: 4.0.30319 Set-Cookie: ClientId=567C1AE2155A441B9B9135F021DE8E49; expires=Thu, 28-Oct-2021 01:01:28 GMT; path=/; secure Set-Cookie: UC=5caf337600204e1aa6add4af567d64ba; path=/; secure; HttpOnly Set-Cookie: X-OWA-CANARY=ALo_AnoqYkOZD3FVdSCHPoDMmQDdetgI1eFx8F31UnwyEefwAxmPCeDfu7qodXti7-KYJeZb_Ts.; path=/; secure Set-Cookie: X-BackEndCookie=<data>; expires=Fri, 27-Nov-2020 01:01:28 GMT; path=/owa; secure; HttpOnly X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 01:01:28 GMT ---------- 2020/10/28 12:01:23.897 kid1| ctx: exit level 0 2020/10/28 12:01:23.897 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1 2020/10/28 12:01:23.897 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 request-id: ea651da4-e232-4990-995e-72e015c573fb X-CalculatedBETarget: exchange.domain.com X-Content-Type-Options: nosniff X-OWA-Version: 15.1.1979.3 X-OWA-OWSVersion: V2017_08_18 X-OWA-MinimumSupportedOWSVersion: V2_6 X-Frame-Options: SAMEORIGIN X-OWA-DiagnosticsInfo: 46;15;7 X-BackEnd-Begin: 2020-10-28T12:01:28.905 X-BackEnd-End: 2020-10-28T12:01:28.952 X-DiagInfo: exchange X-BEServer: exchange X-UA-Compatible: IE=EmulateIE7 X-AspNet-Version: 4.0.30319 Set-Cookie: ClientId=567C1AE2155A441B9B9135F021DE8E49; expires=Thu, 28-Oct-2021 01:01:28 GMT; path=/; secure Set-Cookie: UC=5caf337600204e1aa6add4af567d64ba; path=/; secure; HttpOnly Set-Cookie: X-OWA-CANARY=ALo_AnoqYkOZD3FVdSCHPoDMmQDdetgI1eFx8F31UnwyEefwAxmPCeDfu7qodXti7-KYJeZb_Ts.; path=/; secure Set-Cookie: X-BackEndCookie=<data>; expires=Fri, 27-Nov-2020 01:01:28 GMT; path=/owa; secure; HttpOnly X-Powered-By: ASP.NET X-FEServer: exchange Date: Wed, 28 Oct 2020 01:01:28 GMT X-Cache: MISS from webmail.domain.com X-Cache-Lookup: MISS from webmail.domain.com:443 Transfer-Encoding: chunked Connection: keep-alive _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
