[squid-users] Reverse proxying Exchange OWA wembail with SSL offloading - not working on IE/Chrome
Scott
3m9n51s2ewut at thismonkey.com
Tue Oct 27 09:24:04 UTC 2020
Hi,
I've been trying to track down why, when reverse proxying Microsoft Exchange
OWA (Outlook Web Access), recent versions of IE and Chrome don't get past the
logon page. Upon entering a username and password the browser just goes back
to the login page with no error displayed. Firefox works fine.
It seems to be something to do with SSL offloading (when the cache peer is
HTTP/80). Without SSL offloading (cache peer is HTTPS/443) everything works
as expected.
I did some debugging and noticed that the cookie sent from the server when
SSL offloading is ON (squid <-> OWA is HTTP) is missing the "secure"
attribute, whereas it is present when the data is HTTPS.
This makes perfect sense, and I'm wondering if that's the reason why some of
the browsers are not working.
Given that the browser <-> Squid traffic is HTTPS, is there a way to get
squid to add the "secure" attribute to cookies? At least for testing it
clarify what's going on.
Thanks,
Scott
More information about the squid-users
mailing list