On Wed, 29 Oct 2003, Jonathan Giles wrote:
> 1) forms based authentication mode turns on ssl on the exchange
> server. Https connections fail because it does not like the test cert
> we put on the exchange server. Is there any way to tell squid to
> ignore the problem with the ssl test cert on the 2003 exchange server?
If you use Squid-3 then you can tell Exchange that https is added by a
frontend server such as Squid. See the cache_peer directive in Squid-3.
> We can skip forms based auths if we can cause squid to time out
> sessions... Seems as though exchange credentials are stored on the web
> client, and are not destroyed until the web client is quit.
Correct.
> 2) if using IE on Windows, exchange2003 goes into high gear mode and
> gives special features to the client, and this does not work on the
> squid system I configured for exchange2000. I believe there is a
> redirect that is causing the proxy to spin it's gears, as the mail
> folder list never gets populated with mail messages. So, if someone
> here has a suggestion with regards to this issue, or if there is a way
> to stop letting Exchange 2003 know that the client is IE on windows, it
> would be very helpful.
You quite likely need to use the above Squid-3 feature for this to work
properly..
Modern Exchange OWA installations uses WebDAV for folder access etc when
accessed by MSIE clients and this requires that OWA knows exacly by which
means it is accessed. Any front-end server such as a Squid reverse proxy
MUST NOT modify the URL (including the host component) and if the
front-end uses SSL while using plain HTTP to the OWA server then it must
tell so to the OWA by using the custom X-Front-End-HTTPS header.
Regards
Henrik
Received on Wed Oct 29 2003 - 15:00:36 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:45 MST