[squid-users] [squid-2.7STABLE6-1] Problem RPC via HTTPS

From: hdyugoplastika hdyugoplastika <hdyugoplastika_at_hotmail.com>
Date: Mon, 10 Aug 2009 08:02:52 -0400

Hi all,
I have a problem with RPC over HTTPS authentication with
squid-2.7STABLE6-1 (rpm downloaded from squid-cache.org).
I also have a squid server (version 2.5STABLE14-1 + owa patch) where RPC over HTTPS
authentication works fine. With both versions there is no problem via OWA.
These are the logs:

access.log
10.223.0.71 - - [10/Aug/2009:11:03:56 +0200] "RPC_IN_DATA https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002 HTTP/1.1" 401 509 TCP_MISS:SOURCEHASH_PARENT
10.223.0.71 - - [10/Aug/2009:11:03:56 +0200] "RPC_OUT_DATA https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002 HTTP/1.1" 401 509 TCP_MISS:SOURCEHASH_PARENT

cache.log (I include only the lines that seem relevant to me)
2009/08/10 11:03:52| httpAppendBody: Request not yet fully sent "RPC_IN_DATA
https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002"
2009/08/10 11:03:52| fwdComplete:
https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002
2009/08/10 11:03:52| fwdReforward:
https://webmail.XXXxxxxx.it/rpc/rpcproxy.dll?EXPROMO1.nf.xxxxxXXX.it:6002?
2009/08/10 11:03:52| fwdReforward: No, ENTRY_FWD_HDR_WAIT isn't set
2009/08/10 11:03:52| fwdComplete: not re-forwarding status 401

and the (possibly useful) Exchange log:
2009-08-10 09:00:07 W3SVC1 MI1EXPROM1 10.223.247.61 GET
/exchweb/bin/auth/owalogon.asp
url=https://webmail.XXXxxxxx.it/exchange/&reason=0 443 - 192.168.21.245
HTTP/1.1 libwww-perl/5.823 - - webmail.XXXxxxxx.it 200 0 0 9070 205 0
2009-08-10 09:00:38 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_OUT_DATA
/rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0
MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 451 46
2009-08-10 09:00:38 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_IN_DATA
/rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0
MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 448 124
2009-08-10 09:02:08 W3SVC1 MI1EXPROM1 10.223.247.61 GET
/exchweb/bin/auth/owalogon.asp
url=https://webmail.XXXxxxxx.it/exchange/&reason=0 443 - 192.168.21.245
HTTP/1.1 libwww-perl/5.823 - - webmail.XXXxxxxx.it 200 0 0 9070 205 15
2009-08-10 09:03:52 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_IN_DATA
/rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0
MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 344 0
2009-08-10 09:03:52 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_OUT_DATA
/rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0
MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 451 0
2009-08-10 09:03:56 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_IN_DATA
/rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0
MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 344 0
2009-08-10 09:03:56 W3SVC1 MI1EXPROM1 10.223.247.61 RPC_OUT_DATA
/rpc/rpcproxy.dll EXPROMO1.nf.xxxxxXXX.it:6002 443 - 10.223.247.201 HTTP/1.0
MSRPC - - webmail.XXXxxxxx.it 401 2 2148074254 375 451 0
2009-08-10 09:04:07 W3SVC1 MI1EXPROM1 10.223.247.61 GET
/exchweb/bin/auth/owalogon.asp
url=https://webmail.XXXxxxxx.it/exchange/&reason=0 443 - 192.168.21.245
HTTP/1.1 libwww-perl/5.823 - - webmail.XXXxxxxx.it 200 0 0 9070 205 0

Below is the configuration for squid 2.5STABLE14-1 + owa patch:

# Squid 2.5 accelerator (reverse proxy) configuration in front of an Exchange
# OWA / RPC-over-HTTPS server, as posted.
# NOTE(review): the mail client wrapped the long https_port and cache_peer
# directives over several lines; in a real squid.conf each is a single line.
# NOTE(review): port 80 is served next to 443; if clients are not redirected to
# HTTPS, anything they send to port 80 (including credentials) is unencrypted.
http_port 80
# Accept the two non-standard request methods seen in the RPC-over-HTTPS logs.
extension_methods RPC_IN_DATA RPC_OUT_DATA
# Client-facing TLS listener with its certificate, private key and CA file.
# NOTE(review): the private key file should be readable only by the account
# Squid runs as (cache_effective_user squid below).
https_port 10.223.243.26:443 cert=/etc/squid/cert/wm.XXXxxxxx.it.cert
key=/etc/squid/cert/wm.XXXxxxxx.it.private.key
cafile=/etc/squid/cert/cafile.cert
 ssl_unclean_shutdown on
# TLS connection from Squid to the mail server, presenting a client certificate.
# sslflags=DONT_VERIFY_PEER tells Squid to accept the peer certificate even when
# verification fails: the proxy-to-backend leg is encrypted but the backend is
# not authenticated, so a host able to intercept that leg could pose as it.
# NOTE(review): prefer verifying the peer against the issuing CA and dropping
# this flag once the backend certificate validates.
# front-end-https=on adds the "Front-End-Https: On" request header for OWA.
cache_peer mail.XXXxxxxx.it parent 443 0 ssl
sslcert=/etc/squid/cert/mi1exprom1.cert sslflags=DONT_VERIFY_PEER proxy-only
no-query no-digest front-end-https=on
# Do not cache dynamic (cgi-bin / query-string) URLs.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
 emulate_httpd_log on
 log_ip_on_direct on
 debug_options ALL,1,83,2
hosts_file /etc/hosts
 redirect_rewrites_host_header on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
 shutdown_lifetime 0 seconds
# Base ACL definitions.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
# Cache manager access is limited to localhost.
http_access allow manager localhost
http_access deny manager
# NOTE(review): no "acl Safe_ports" definition appears in this excerpt; confirm
# it exists in the real file, otherwise this rule refers to an undefined ACL.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Site-specific source networks (addresses redacted by the poster).
acl xxxxx src 192.168.55.0/24
acl easy_bb src xxx.xxx.64.0/19
acl easy_bb src xxx.xxx.224.0/19
acl easy_bb src xxx.xxx.16.0/20
acl easy_bb src xxx.xxx.81.0/24
acl easy_bb src xxx.xxx.87.0/24
acl easy_bb src xxx.xxx.26.0/24
acl easy_bb src xxx.xxx.144.0/20
acl easy_bb src xxx.xxx.240.0/20
acl destination dst 10.223.243.24/32
# Allow-lists loaded from external files; their patterns are not shown here.
# NOTE(review): these regex files decide what unauthenticated clients may reach
# on the backend, so keep the patterns anchored and the files write-protected.
acl access_mail urlpath_regex -i "/etc/squid/users/access_mail.txt"
acl access_url url_regex -i "/etc/squid/url_valid.txt"
acl acl_pfa dstdomain webmail.XXXxxxxx.it
# http_access rules are evaluated in order; the first matching rule wins.
http_access deny easy_bb
http_access allow xxxxx
http_access allow access_mail
http_access allow access_url
http_access allow localhost
http_access deny all
http_reply_access allow all
# NOTE(review): ICP queries are allowed from any source although the peer is
# configured with no-query; consider "icp_access deny all" if ICP is unused.
icp_access allow all
# Only requests for webmail.XXXxxxxx.it are forwarded to the mail peer.
cache_peer_access mail.XXXxxxxx.it allow acl_pfa
cache_peer_access mail.XXXxxxxx.it deny all
# Outgoing source address: 10.223.247.203 for clients matching acl xxxxx,
# 10.223.247.201 for everything else.
tcp_outgoing_address 10.223.247.203 xxxxx
tcp_outgoing_address 10.223.247.201
cache_mgr net_at_xxxxx.it
cache_effective_user squid
cache_effective_group squid
visible_hostname webmail.XXXxxxxx.it
# Squid 2.5-style accelerator settings.
httpd_accel_host virtual
httpd_accel_port 443
httpd_accel_single_host on
httpd_accel_with_proxy off
httpd_accel_uses_host_header on
err_html_text .
deny_info ERR_xxxxxXXX all
deny_info ERR_xxxxxXXX access_mail
# Never fetch directly from an origin; always forward through the cache_peer.
 never_direct allow all
# Log full URLs including query strings.
# NOTE(review): query strings can carry sensitive values, so restrict read
# access to the access log accordingly.
 strip_query_terms off
coredump_dir /var/spool/squid
max_filedesc 4096

Configuration:
squid.conf-2.7STABLE6-1
# Squid 2.7 accelerator (reverse proxy) configuration for the same Exchange
# OWA / RPC-over-HTTPS site, as posted. The listing is cut off after the
# logformat line, so directives that follow it are not visible here.
# NOTE(review): the mail client wrapped the long https_port and cache_peer
# directives over several lines; in a real squid.conf each is a single line.
# Base ACL definitions.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
# Cache manager access is limited to localhost.
http_access allow manager localhost
http_access deny manager
# NOTE(review): no "acl Safe_ports" definition appears in this excerpt; confirm
# it exists in the real file, otherwise this rule refers to an undefined ACL.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Do not cache dynamic (cgi-bin / query-string) URLs.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Site-specific source networks (addresses redacted by the poster).
acl xxxxx src 192.168.55.0/24
acl xxxxx src 10.221.121.0/24
acl easy_bb src xxx.xxx.64.0/19
acl easy_bb src xxx.xxx.224.0/19
acl easy_bb src xxx.xxx.16.0/20
acl easy_bb src xxx.xxx.81.0/24
acl easy_bb src xxx.xxx.87.0/24
acl easy_bb src xxx.xxx.26.0/24
acl easy_bb src xxx.xxx.144.0/20
acl easy_bb src xxx.xxx.240.0/20
# Allow-lists loaded from external files; their patterns are not shown here.
# NOTE(review): these regex files decide what unauthenticated clients may reach
# on the backend, so keep the patterns anchored and the files write-protected.
acl access_mail urlpath_regex -i "/etc/squid/users/access_mail.txt"
acl access_url url_regex -i "/etc/squid/url_valid.txt"
acl acl_pfa dstdomain webmail.XXXxxxxx.it
# http_access rules are evaluated in order; the first matching rule wins.
http_access deny easy_bb
http_access allow xxxxx
http_access allow access_mail
http_access allow access_url
http_access allow localhost
http_access deny all
http_reply_access allow all
# NOTE(review): ICP queries are allowed from any source although the peer is
# configured with no-query; consider "icp_access deny all" if ICP is unused.
icp_access allow all
ssl_unclean_shutdown on
# Accelerator listeners (2.6+ syntax replacing the 2.5 httpd_accel_* options).
# NOTE(review): port 80 is served next to 443; if clients are not redirected to
# HTTPS, anything they send to port 80 (including credentials) is unencrypted.
http_port 80 accel vhost
# NOTE(review): the private key file should be readable only by the account
# Squid runs as.
https_port 10.223.247.201:443 accel vhost
cert=/etc/squid/cert/wm.XXXxxxxx.it.cert
key=/etc/squid/cert/wm.XXXxxxxx.it.private.key
cafile=/etc/squid/cert/cafile.cert
# TLS connection to the Exchange server as origin, presenting a client
# certificate. sslflags=DONT_VERIFY_PEER tells Squid to accept the peer
# certificate even when verification fails: the proxy-to-backend leg is
# encrypted but the backend is not authenticated.
# NOTE(review): prefer verifying the peer (e.g. sslcafile= with the issuing CA)
# and dropping this flag once the backend certificate validates.
# NOTE(review): both sourcehash and round-robin are given for this single peer;
# the access.log lines in this post show SOURCEHASH_PARENT being used.
cache_peer mi1exprom1.nf.xxxxxXXX.it parent 443 0 ssl
sslcert=/etc/squid/cert/mi1exprom1.cert sslflags=DONT_VERIFY_PEER proxy-only
no-query no-digest front-end-https=auto sourcehash round-robin originserver
name=MI11
# Only requests for webmail.XXXxxxxx.it are forwarded to peer MI11.
cache_peer_access MI11 allow acl_pfa
cache_peer_access MI11 deny all
hierarchy_stoplist cgi-bin ?
logformat combined2 %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %
Received on Mon Aug 10 2009 - 12:03:00 MDT
