Re: [squid-users] EXCHANGE - RPC over HTTPS not handled?

From: Nicola Bucci <n.bucci_at_gmde.it>
Date: Thu, 6 Oct 2011 12:12:19 +0200

Thanks for the quick reply. OWA works fine for me... RPC is the problem. Anyway, here is my squid.conf:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl EXCH dstdomain .gmde.it
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow SSL_ports

ssl_unclean_shutdown on

#Allow ICP queries from local networks only

icp_access allow all all

#http_port 3128

###LISTEN ON ###
https_port 443 cert=/etc/squid3/exchange.pem key=/etc/squid3/nopassexchange.key defaultsite=gmdeag3.gmde.it

###CACHE PEER###
#cache_peer 10.0.0.3 parent 443 0 no-query proxy-only connection-auth=on originserver front-end-https=on login=PASS ssl sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key
#cache_peer 10.0.0.3 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/squid/exchange.pem sslkey=/etc/squid/nopassexchange.key
cache_peer 10.0.0.3 parent 443 0 connection-auth=off ssl sslflags=DONT_VERIFY_PEER sslcert=/etc/squid3/exchange.pem sslkey=/etc/squid3/nopassexchange.key proxy-only no-query no-digest front-end-https=on sourcehash round-robin originserver login=PASS name=exchangeServer

#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

access_log /var/log/squid3/access.log squid

cache_effective_user proxy
cache_effective_group root
never_direct allow all all
miss_access allow EXCH
miss_access deny all
cache_peer_access exchangeServer allow EXCH
cache_peer_access exchangeServer deny all
never_direct allow EXCH

and "squid3 -v":

configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-ssl' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/usr/src/squid3-3.1.6

Is there something wrong I'm doing? Or does Squid simply not handle RPC over HTTP with Exchange? My goal will be to use Squid instead of other commercial products. Obviously :)
Thanks

On 6 Oct, 2011, at 12:06 PM, Jakob Curdes wrote:

> On 06.10.2011 11:58, Nicola Bucci wrote:
>> Hi all,
>> I'm trying to publish Exchange web services on the web through Squid 3.1 on Debian. From my Mac it works fine (Mail and Outlook for Mac, OWA is working fine too), but from Windows machines Outlook asks me every time for the authentication credentials. The reason is that on Mac it uses a normal web service (hos/EWS/exchange.asmx), but from Windows, Outlook uses RPC over HTTP (in my case HTTPS). Suggestions?
> http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess ?
>
> JC
>
>
Received on Thu Oct 06 2011 - 10:12:26 MDT
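
An added example, not part of the original post and not Squid project code: a small Python check run over an excerpt of the squid.conf posted above, flagging settings a reviewer of an Internet-facing reverse proxy would question (an allow rule keyed only on a port ACL, no final deny, unverified TLS to the origin, ICP allowed from all sources, effective group root). The check codes and the simplified comment-stripping parser are this example's own assumptions.

```python
# Excerpt of the squid.conf posted above (cache_peer line abridged).
POSTED = """\
acl EXCH dstdomain .gmde.it
acl SSL_ports port 443 # https
http_access allow SSL_ports
icp_access allow all all
cache_peer 10.0.0.3 parent 443 0 ssl sslflags=DONT_VERIFY_PEER originserver login=PASS name=exchangeServer
cache_effective_group root
"""

def directives(text):
    """Yield (line_no, name, args) per active directive; '#' comments are dropped."""
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield no, tokens[0], tokens[1:]

def audit(text):
    """Return a list of (line_no, code, message) for the checks below."""
    acl_type, rules, found = {}, [], []
    for no, name, args in directives(text):
        if name == "acl" and len(args) >= 2:
            acl_type.setdefault(args[0], args[1])      # remember each ACL's type
        elif name == "http_access":
            rules.append((no, args))
        elif name == "icp_access" and args[:1] == ["allow"] and "all" in args[1:]:
            found.append((no, "icp-open", "ICP allowed from any source"))
        elif name == "cache_peer" and any(
                a.startswith("sslflags=") and "DONT_VERIFY_PEER" in a for a in args):
            found.append((no, "peer-tls-unverified", "origin certificate is not verified"))
        elif name == "cache_effective_group" and args == ["root"]:
            found.append((no, "group-root", "Squid's effective group is root"))
    for no, args in rules:
        # An allow rule built only from 'port' ACLs does not name the published site.
        if args[:1] == ["allow"] and len(args) > 1 and all(
                acl_type.get(a.lstrip("!")) == "port" for a in args[1:]):
            found.append((no, "allow-by-port-only", "http_access allow not tied to a dstdomain"))
    if not rules or rules[-1][1] != ["deny", "all"]:
        found.append((0, "no-final-deny", "http_access list lacks an explicit 'deny all'"))
    return found

if __name__ == "__main__":
    for no, code, msg in audit(POSTED):
        print(f"line {no or '-'}: {code}: {msg}")
```
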
