Re: [squid-users] Squid Reverse Proxy w/ SSL and IIS Server - Auth problems

From: Garry <gkg_at_gmx.de>
Date: Tue, 01 Jul 2008 14:40:30 +0200

Amos Jeffries wrote:
> Garry wrote:
>> Hi,
>>
>> we have a problem with a (it would originally seem) rather simple
>> setup ...
>>
>> A server is running 2.6.(20), multiple SSL certs take care of
>> incoming connections on different ports for multiple servers. Servers
>> are then referenced through a local redirect which replaces the
>> original names sent to Squid with the internal HTTP addresses and
>> ports. So far, everything works fine.
>>
>> Anyway, the problem begins with the authentication. While the auth
>> works fine for anything like IE, Firefox, Opera and the likes on
>> regular PCs, authentication itself works when someone connects using
>> a mobile client (Windows Mobile), but as soon as not a GET but a POST
>> is issued accessing any forms on the IIS app, the user auth isn't
>> sent anymore, so all I get is the 401 ...
>>
>> I think I've read something on the net sometime somewhere, where a
>> patch/change in the source would be required to correctly hand
>> through auth requests from that crappy IIS ... but after many Google
>> searches, I just can't seem to find anything sufficient ...
>>
>> Any help appreciated ...
>
> Add "login=PASS" (exact text) to the cache_peer lines which redirect
> traffic to IIS.

I do not have any active cache_peer lines ... could that be the problem?
Squid operates solely as reverse proxy/accelerator, with many lines like
these:

http_port some.ip.address:80 accel defaultsite=www.doma.in
https_port some.ip.address:443 cert=/etc/ssl/... key=/etc/ssl/... accel defaultsite=www.doma.in

and:

url_rewrite_program /usr/bin/redirect.pl

with redirect.pl rebuilding the destination URLs ... (from e.g.
https://www.doma.in/... into http://192.168.99.11/ )

As mentioned, the current setup works fine unless you use that crappy
Win Mobile w/ Mobile IE (or whatever is on them things). I'm waiting for
an answer on whether Opera would work ...

One more thing: Querying the http version will work with the same mobile
devices! Even though I see the same 401 messages, but followed with
correct queries ...

-gg
Received on Tue Jul 01 2008 - 12:41:07 MDT
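
Added example, not part of the original message and not the poster's configuration: a squid.conf fragment showing the cache_peer form that the quoted login=PASS suggestion applies to, using the host name and internal address given in the message. The peer name, ACL name and certificate paths are assumptions, and it assumes url_rewrite_program no longer rewrites URLs for this site.

```conf
# Constructed example. www.doma.in and 192.168.99.11 are taken from the
# message; iis_doma_in, site_doma_in and the cert/key paths are placeholders.

# Listening ports in accelerator mode, as in the message.
http_port some.ip.address:80 accel defaultsite=www.doma.in
https_port some.ip.address:443 cert=/path/to/cert.pem key=/path/to/key.pem accel defaultsite=www.doma.in

# Declare the IIS origin as a peer instead of reaching it through a rewritten URL.
#   originserver : treat the peer as the origin web server, not another proxy
#   login=PASS   : relay the credentials sent by the client to this peer
cache_peer 192.168.99.11 parent 80 0 no-query originserver login=PASS name=iis_doma_in

# Route only this site to the peer, so relayed credentials reach no other backend.
acl site_doma_in dstdomain www.doma.in
cache_peer_access iis_doma_in allow site_doma_in
cache_peer_access iis_doma_in deny all

# Serve the accelerated site only, and never fetch it by resolving the name directly.
http_access allow site_doma_in
http_access deny all
never_direct allow site_doma_in

# The peer receives the client's Host header (www.doma.in). If IIS is bound to
# a different host name, cache_peer's forceddomain=<name> option overrides it.
```

With login=PASS the client's credentials cross the Squid-to-IIS hop as sent, here over plain HTTP, so that hop should stay on a trusted internal network and the cache_peer_access rules should stay as narrow as shown.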
