Squid Exchange reverse proxy - Multiple digest authentifications



  • I'am trying to configure squid as reverse proxy for my exchange owa website. When opening the website I can login using my username and password, but after that every subsequent request also opens the digest login dialog. Does anyone know how to solve this problem? Here is my squid config:

    
    # Reverse Proxy settings
    http_port 84.74.152.211:80 accel defaultsite=www.test.com vhost
    https_port 84.74.152.211:443 accel cert=/usr/local/etc/squid/5106c8b77e5de.crt key=/usr/local/etc/squid/5106c8b77e5de.key defaultsite=www.test.com vhost
    http_port 172.17.1.1:80 accel defaultsite=www.test.com vhost
    https_port 172.17.1.1:443 accel cert=/usr/local/etc/squid/5106c8b77e5de.crt key=/usr/local/etc/squid/5106c8b77e5de.key defaultsite=www.test.com vhost
    cache_peer 172.17.2.11 parent 443 0 proxy-only no-query originserver login=PASS connection-auth=on ssl sslflags=DONT_VERIFY_PEER front-end-https=on name=OWA_HOST_pfs
    
    #EXCHSRV
    cache_peer 172.17.2.4 parent 80 0 proxy-only no-query no-digest originserver login=PASS name=rvp_EXCHSRV
    
    acl OWA_URI_pfs url_regex -i ^https://www.test.com:?[0-9]*/owa.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com:?[0-9]*/exchange.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com.ch:?[0-9]*/public.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com.ch:?[0-9]*/exchweb.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com.ch:?[0-9]*/ecp.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com.ch:?[0-9]*/OAB.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com:?[0-9]*/Microsoft-Server-ActiveSync.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com:?[0-9]*/rpc/rpcproxy.dll.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com:?[0-9]*/rpcwithcert/rpcproxy.dll.*$
    acl OWA_URI_pfs url_regex -i ^https://www.test.com:?[0-9]*/autodiscover.*$
    cache_peer_access OWA_HOST_pfs allow OWA_URI_pfs
    cache_peer_access OWA_HOST_pfs deny allsrc
    never_direct allow OWA_URI_pfs
    http_access allow OWA_URI_pfs
    
    


  • I just found out that this problem only occurs in Firefox, on Internet Explorer and on Chrome appears only one login dialog. I think the problem ist the NTLM authentification. Is there a way to get this to work with squid on firefox browsers?



  • I think I found a solution for my problem. I just switched the owa website to forms based authentification and now it works also in Firefox.



  • TheNetStriker,

    Thanks for your feedback, this topic will help other users that search forum/google with the same issue.

    att,
    Marcello Coutinho


Log in to reply