[squid-users] Squid30 + Exchange OWA 2010 forms based authentication problem

From: Sergey Demochkin <serdemo_at_mail.ru>
Date: Mon, 03 Oct 2011 23:45:57 +0400

Guys, I would appreciate your help on the following issue:

I set up squid30 on FreeBSD 8.1 release as reverse proxy for OWA 2010. Here is my squid's config:

####
visible_hostname owa.external.domain
cache_mgr squid
https_port 172.16.1.3:8080 accel vhost cert=/etc/ssl/crt/server-cert.crt key=/etc/ssl/key/server-key.key sslflags=DONT_VERIFY_DOMAIN clientca=/etc/ssl/CA/cacert.pem cafile=/etc/ssl/CA/cacert.pem capath=/etc/ssl/CA/ sslcontext=id
cache_peer 10.200.210.25 parent 8080 0 proxy-only no-query no-digest ssl sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN login=PASS front-end-https=on
cache_dir ufs /var/squid/cache 100 16 256
cache_access_log /var/squid/logs/access.log squid
cache_log /var/squid/logs/cache.log squid
cache_store_log /var/squid/logs/store.log squid
logfile_rotate 100
pid_filename /var/squid/squid.pid
acl OWA dstdomain owa.external.domain
acl OWA-DIRS urlpath_regex (\/rpc\/|\/owa\/|\/oab\/|\/autodiscover\/|\/Microsoft-Server-ActiveSync|\/public\/|\/exchweb\/|\/exchange\/)
acl OWA-SITE url_regex ^https://owa.external.domain
cache_peer_access 10.200.210.25 allow OWA
http_access allow OWA
http_access allow OWA OWA-DIRS OWA-SITE
http_access deny all
####

10.200.210.25 is the OWA server and it is set in hosts files on squid and on OWA itself as owa.external.domain

The problem is that when I connect to squid I see the OWA login page but when I enter login and pass into OWA authentication form I get an empty page with 400 status code. In squid's access.log I see: 

 client_ip TCP_MISS/400 528 POST https://owa.external.domain:8080/owa/auth.owa - FIRST_UP_PARENT/10.200.210.25 text/html

When I connect to OWA from LAN I have no problem authenticating through the form.

If I change the authentication settings on exchange server from Forms Based to Plain Text then when I connect via squid I get a login prompt and after providing login and pass I get to my mailbox and I can read/send/receive emails.

Any ideas how to make OWA's forms based authentication work with squid?

Sergey
Received on Mon Oct 03 2011 - 19:46:05 MDT
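
An added example, not part of the original post: a small Python model of Squid's `http_access` evaluation (lines are checked top-down, the first line whose ACLs all match decides, ACLs on one line are ANDed), run over the posted ACLs. It shows that the posted `http_access allow OWA` line decides every request for the host, so the line that also requires OWA-DIRS is never consulted; `UNLISTED_URL` and the `WITHOUT_FIRST_ALLOW` rule list are constructed for comparison.

```python
import re
from urllib.parse import urlsplit

# ACL definitions copied from the posted squid.conf.
ACLS = {
    "OWA": ("dstdomain", "owa.external.domain"),
    "OWA-DIRS": ("urlpath_regex",
                 r"(\/rpc\/|\/owa\/|\/oab\/|\/autodiscover\/|\/Microsoft-Server-ActiveSync"
                 r"|\/public\/|\/exchweb\/|\/exchange\/)"),
    "OWA-SITE": ("url_regex", r"^https://owa.external.domain"),
}
# http_access lines in the posted order.
POSTED_RULES = [("allow", ["OWA"]),
                ("allow", ["OWA", "OWA-DIRS", "OWA-SITE"]),
                ("deny", ["all"])]
# Hypothetical variant for comparison: the same list without the first line.
WITHOUT_FIRST_ALLOW = POSTED_RULES[1:]


def acl_matches(name, url):
    if name == "all":
        return True
    kind, pattern = ACLS[name]
    parts = urlsplit(url)
    if kind == "dstdomain":      # no leading dot in the ACL: exact host only
        return (parts.hostname or "").lower() == pattern
    if kind == "urlpath_regex":  # matched against everything after the host
        path = parts.path + ("?" + parts.query if parts.query else "")
        return re.search(pattern, path) is not None
    if kind == "url_regex":      # matched against the whole URL
        return re.search(pattern, url) is not None
    raise ValueError(f"unsupported ACL type: {kind}")


def decide(url, rules=POSTED_RULES):
    """Return (action, rule number) of the first line whose ACLs all match."""
    for number, (action, names) in enumerate(rules, start=1):
        if all(acl_matches(n, url) for n in names):
            return action, number
    return "deny", 0  # not reached here: the final "deny all" always matches


LOGGED_URL = "https://owa.external.domain:8080/owa/auth.owa"   # from access.log
UNLISTED_URL = "https://owa.external.domain:8080/not-listed/"  # constructed

if __name__ == "__main__":
    for rules in (POSTED_RULES, WITHOUT_FIRST_ALLOW):
        for url in (LOGGED_URL, UNLISTED_URL):
            print(decide(url, rules), url)
```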
