RE: [squid-users] OWA, SSL and HTTP Status 500/501

It is your server which requires authentication.

If your Squid is set up to require authentication then both the Squid
reverse proxy and the server must use the same authentication, and you
must be using Basic HTTP authentication on both. In addition the Squid
reverse proxy must be configured to forward the login information (login
option in the cache_peer directive).

NTLM can not be used via reverse proxies. It does not matter if the
backend connection is over SSL or not.

You can only use NTLM if you tunnel the SSL port directly to the OWA
server using a tcp forwarder or NAT, not using a proxy.

Regards
Henrik

On Wed, 14 Jan 2004, Derek Winkler wrote:

> Adding originserver to cache_peer got me past the 501 errors, but now I
> can't get past the authentication dialogue.
>
> Not sure if it is basic or NTLM.
>
> Here's the entry from my access.log
>
> 1074116953.543 19 10.1.10.103 TCP_MISS/401 347 GET
> https://torxm.algorithmics.com/exchange/LogonFrm.asp? -
> FIRST_UP_PARENT/torxm.algorithmics.com text/html
>
> I thought it should work as Basic or NTLM if I was using SSL?
>
> Thanks,
>
> Derek
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Wednesday, January 14, 2004 4:31 PM
> To: Derek Winkler
> Cc: 'Henrik Nordstrom'
> Subject: RE: [squid-users] OWA, SSL and HTTP Status 500/501
>
>
> Hmm.. did you remember to declare the OWA server as an originserver class
> peer?
>
> Regards
> Henrik
>
> On Wed, 14 Jan 2004, Derek Winkler wrote:
>
> > Sorry replying off-list, my Exchange server keeps converting emails to
> HTML
> > and the list refuses them.
> >
> > I'm going to the same URL, https://torxm.algorithmics.com/dwinkler.htm
> > without squid and it works, same browser and everything.
> >
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> > Sent: Wednesday, January 14, 2004 1:39 PM
> > To: Derek Winkler
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] OWA, SSL and HTTP Status 500/501
> >
> >
> > On Wed, 14 Jan 2004, Derek Winkler wrote:
> >
> > > http_access allow all-dst
> > > http_reply_access allow all
> > > http_reply_access allow all-dst
> > >
> > > Here's my access.log:
> > > 1074094727.641 4383 10.1.10.103 TCP_MISS/501 368 GET
> > https://torxm.algorithmics.com/dwinkler.htm -
> > ANY_PARENT/torxm.algorithmics.com text/html
> > >
> > > Why do I get the 501 error?
> >
> > Good question. The 501 error is given by your OWA server and indicates
> > "Method not implemented".
> >
> > > If I try to retrieve the page without squid it works.
> >
> > What URL are you accessing without Squid?
> >
> > Regards
> > Henrik
> >
>
Received on Wed Jan 14 2004 - 15:10:46 MST