[squid-users] Reverse proxying Exchange OWA wembail with SSL offloading - not working on IE/Chrome
Eliezer Croitor
ngtech1ltd at gmail.com
Tue Oct 27 19:30:16 UTC 2020
Hey Scott,
Can you attach any example cookie with and without the secure value?
(replace sensitive data)
Thanks,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Scott
Sent: Tuesday, October 27, 2020 11:24 AM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Reverse proxying Exchange OWA wembail with SSL offloading - not working on IE/Chrome
Hi,
I've been trying to track down why, when reverse proxying Microsoft Exchange OWA (Outlook Web Access), recent versions of IE and Chrome don't get past the logon page. Upon entering a username and password the browser just goes back to the login page with no error displayed. Firefox works fine.
It seems to be something to do with SSL offloading (when the cache peer is HTTP/80). Without SSL offloading (cache peer is HTTPS/443) everything works as expected.
I did some debugging and noticed that the cookie sent from the server when SSL offloading is ON (squid <-> OWA is HTTP) is missing the "secure"
attribute, whereas it is present when the data is HTTPS.
This makes perfect sense, and I'm wondering if that's the reason why some of the browsers are not working.
Given that the browser <-> Squid traffic is HTTPS, is there a way to get squid to add the "secure" attribute to cookies? At least for testing it clarify what's going on.
Thanks,
Scott
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list