[squid-users] OWA, SSL and HTTP Status 500/501

2004-01-14 Thread Derek Winkler
I'm using squid-3.0-PRE3-20040108.

Want to do:

Browser --SSL-- Squid --SSL-- OWA

Here's my config:
visible_hostname klinger.algorithmics.com
cache_mgr [EMAIL PROTECTED]

https_port 443 cert=/opt/squid/etc/torxm.algorithmics.com.crt key=/opt/squid/etc/torxm.algorithmics.com.key cafile=/opt/squid/etc/cacert.crt defaultsite=torxm.algorithmics.com

cache_peer torxm.algorithmics.com parent 443 0 no-query ssl proxy-only sslcert=/opt/squid/etc/torxm.algorithmics.com.crt sslkey=/opt/squid/etc/torxm.algorithmics.com.key sslversion=2 sslflags=DONT_VERIFY_PEER

ssl_unclean_shutdown on

hierarchy_stoplist cgi-bin ? .dll

acl QUERY urlpath_regex cgi-bin \?
acl OWA urlpath_regex \.dll
no_cache deny QUERY
no_cache deny OWA

acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0

http_access allow all
http_access allow all-dst
http_reply_access allow all
http_reply_access allow all-dst

Here's my access.log:
1074094727.641   4383 10.1.10.103 TCP_MISS/501 368 GET https://torxm.algorithmics.com/dwinkler.htm - ANY_PARENT/torxm.algorithmics.com text/html

Why do I get the 501 error?

If I try to retrieve the page without squid it works.

Thanks,

Derek Winkler


Re: [squid-users] OWA, SSL and HTTP Status 500/501

2004-01-14 Thread Henrik Nordstrom
On Wed, 14 Jan 2004, Derek Winkler wrote:

> http_access allow all-dst
> http_reply_access allow all
> http_reply_access allow all-dst
>
> Here's my access.log:
> 1074094727.641   4383 10.1.10.103 TCP_MISS/501 368 GET https://torxm.algorithmics.com/dwinkler.htm - ANY_PARENT/torxm.algorithmics.com text/html
>
> Why do I get the 501 error?

Good question. The 501 error is given by your OWA server and indicates 
Method not implemented.

> If I try to retrieve the page without squid it works.

What URL are you accessing without Squid?

Regards
Henrik



RE: [squid-users] OWA, SSL and HTTP Status 500/501

2004-01-14 Thread Henrik Nordstrom
It is your server which requires authentication.

If your Squid is set up to require authentication then both the Squid
reverse proxy and the server must use the same authentication, and you
must be using Basic HTTP authentication on both. In addition the Squid
reverse proxy must be configured to forward the login information (login
option in the cache_peer directive).

NTLM can not be used via reverse proxies. It does not matter if the 
backend connection is over SSL or not.

You can only use NTLM if you tunnel the SSL port directly to the OWA
server using a tcp forwarder or NAT, not using a proxy.

Regards
Henrik


On Wed, 14 Jan 2004, Derek Winkler wrote:

> Adding originserver to cache_peer got me past the 501 errors, but now I
> can't get past the authentication dialogue.
>
> Not sure if it is basic or NTLM.
>
> Here's the entry from my access.log
>
> 1074116953.543 19 10.1.10.103 TCP_MISS/401 347 GET https://torxm.algorithmics.com/exchange/LogonFrm.asp? - FIRST_UP_PARENT/torxm.algorithmics.com text/html
>
> I thought it should work as Basic or NTLM if I was using SSL?
>
> Thanks,
>
> Derek
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 14, 2004 4:31 PM
> To: Derek Winkler
> Cc: 'Henrik Nordstrom'
> Subject: RE: [squid-users] OWA, SSL and HTTP Status 500/501
>
>
> Hmm.. did you remember to declare the OWA server as an originserver class
> peer?
>
> Regards
> Henrik
>
> On Wed, 14 Jan 2004, Derek Winkler wrote:
>
> > Sorry replying off-list, my Exchange server keeps converting emails to HTML
> > and the list refuses them.
> >
> > I'm going to the same URL, https://torxm.algorithmics.com/dwinkler.htm
> > without squid and it works, same browser and everything.
> >
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, January 14, 2004 1:39 PM
> > To: Derek Winkler
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [squid-users] OWA, SSL and HTTP Status 500/501
> >
> >
> > On Wed, 14 Jan 2004, Derek Winkler wrote:
> >
> > > http_access allow all-dst
> > > http_reply_access allow all
> > > http_reply_access allow all-dst
> > >
> > > Here's my access.log:
> > > 1074094727.641   4383 10.1.10.103 TCP_MISS/501 368 GET https://torxm.algorithmics.com/dwinkler.htm - ANY_PARENT/torxm.algorithmics.com text/html
> > >
> > > Why do I get the 501 error?
> >
> > Good question. The 501 error is given by your OWA server and indicates
> > Method not implemented.
> >
> > > If I try to retrieve the page without squid it works.
> >
> > What URL are you accessing without Squid?
> >
> > Regards
> > Henrik
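
Added example, not part of the thread and not Squid project code: a way to answer "Not sure if it is basic or NTLM" by reading the WWW-Authenticate headers of the origin server's 401 and applying the rule from the reply above (Basic can be forwarded by the reverse proxy, NTLM cannot). The response text, the realm and the function names are constructed for illustration, and the parser assumes one challenge per header line.

```python
# Added example: which auth schemes does the origin server offer in its 401?
from email.parser import Parser

# Constructed sample response (not captured from the thread's server).
# Assumption: the server sends one challenge per WWW-Authenticate header line.
SAMPLE_401 = (
    "HTTP/1.1 401 Access Denied\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="owa.example"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)


def offered_schemes(raw_response):
    """Return the distinct, lower-cased schemes from all WWW-Authenticate headers."""
    _status_line, _, header_block = raw_response.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    schemes = []
    for challenge in headers.get_all("WWW-Authenticate", []):
        parts = challenge.split(None, 1)  # scheme, then optional parameters
        if parts and parts[0].lower() not in schemes:
            schemes.append(parts[0].lower())
    return schemes


def reverse_proxy_verdict(schemes):
    """Map the offered schemes onto the rule stated in the reply above."""
    if "ntlm" in schemes:
        # NTLM cannot be used via a reverse proxy; a client that picks it fails.
        return "ntlm-offered"
    if schemes == ["basic"]:
        # Basic works if the proxy forwards the login (cache_peer login option).
        return "basic-only"
    return "other"


if __name__ == "__main__":
    found = offered_schemes(SAMPLE_401)
    print(found, reverse_proxy_verdict(found))
```

A result of "ntlm-offered" means the backend still advertises NTLM, which matches the endless authentication dialogue described in the thread when the request passes through the proxy.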