[squid-users] Reverse proxying Exchange OWA webmail with SSL offloading - not working on IE/Chrome

Scott 3m9n51s2ewut at thismonkey.com
Wed Oct 28 04:25:25 UTC 2020


On Tue, Oct 27, 2020 at 09:30:16PM +0200, Eliezer Croitor wrote:
> Hey Scott,
> 
> Can you attach any example cookie with and without the secure value?
> (replace sensitive data)
> 
> Thanks,
> Eliezer
> 
> ----
> Eliezer Croitoru
> Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
> 
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Scott
> Sent: Tuesday, October 27, 2020 11:24 AM
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Reverse proxying Exchange OWA webmail with SSL offloading - not working on IE/Chrome
> 
> Hi,
> 
> I've been trying to track down why, when reverse proxying Microsoft Exchange OWA (Outlook Web Access), recent versions of IE and Chrome don't get past the logon page.  Upon entering a username and password the browser just goes back to the login page with no error displayed.  Firefox works fine.
> 
> It seems to be something to do with SSL offloading (when the cache peer is HTTP/80).  Without SSL offloading (cache peer is HTTPS/443) everything works as expected.
> 
> I did some debugging and noticed that the cookie sent from the server when SSL offloading is ON (squid <-> OWA is HTTP) is missing the "secure" attribute, whereas it is present when the data is HTTPS.
> 
> This makes perfect sense, and I'm wondering if that's the reason why some of the browsers are not working.
> 
> Given that the browser <-> Squid traffic is HTTPS, is there a way to get squid to add the "secure" attribute to cookies?  At least for testing it would clarify what's going on.
> 
> Thanks,
> Scott

Here are the logs (first not working, followed by working).

Note this is the login attempt, not the loading of the initial page.  You'll 
see in the NOT WORKING section that the browser does NOT return a cookie to 
the server, which is where the problem may be.  Again, I'm not sure why - I'm 
thinking perhaps the browser/javascript is rejecting the cookie as it's 
missing the "secure" attribute (because the back-end is talking plain HTTP).

As mentioned above, Firefox has no issue with this.  I've fired up an ICAP 
server but need to brush up on my Python before I can test what happens if I 
add the "secure" attribute.

My cache peers are:
cache_peer exchange.domain.com parent  80 0 proxy-only no-query no-digest front-end-https originserver login=PASSTHRU connection-auth=on connect-timeout=3600 name=peer_exchange_80
cache_peer exchange.domain.com parent 443 0 proxy-only no-query no-digest front-end-https originserver login=PASSTHRU connection-auth=on connect-timeout=3600 ssl sslflags=DONT_VERIFY_PEER name=peer_exchange_443

Logs:

NOT WORKING

---------
2020/10/28 14:56:12.614 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.614 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST:
---------
POST /owa/auth.owa HTTP/1.1
Host: webmail.domain.com
Connection: keep-alive
Content-Length: 140
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://webmail.domain.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0


----------
2020/10/28 14:56:12.627 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.628 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST:
---------
POST /owa/auth.owa HTTP/1.1
Content-Length: 140
Upgrade-Insecure-Requests: 1
Origin: https://webmail.domain.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0
Host: webmail.domain.com
Surrogate-Capability: webmail.domain.com="Surrogate/1.0"
X-Forwarded-For: client-browser
Cache-Control: max-age=0
Connection: keep-alive
Front-End-Https: On


----------
2020/10/28 14:56:12.748 kid1| ctx: enter level  0: 'https://webmail.domain.com/owa/auth.owa'
2020/10/28 14:56:12.748 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.748 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://webmail.domain.com/owa
Server: Microsoft-IIS/8.5
request-id: 85e28b7c-5a4c-4e89-a740-116359551a19
X-AspNet-Version: 4.0.30319
Set-Cookie: cadata=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataKey=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataIV=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataSig=<data>; path=/;SameSite=None; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 151

----------
2020/10/28 14:56:12.748 kid1| ctx: exit level  0
2020/10/28 14:56:12.748 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.748 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://webmail.domain.com/owa
Server: Microsoft-IIS/8.5
request-id: 85e28b7c-5a4c-4e89-a740-116359551a19
X-AspNet-Version: 4.0.30319
Set-Cookie: cadata=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataKey=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataIV=<data>; path=/;SameSite=None; HttpOnly
Set-Cookie: cadataSig=<data>; path=/;SameSite=None; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 151
X-Cache: MISS from webmail.domain.com
X-Cache-Lookup: MISS from webmail.domain.com:443
Connection: keep-alive


----------
2020/10/28 14:56:12.838 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.838 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST:
---------
GET /owa HTTP/1.1
Host: webmail.domain.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate 
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0


----------
2020/10/28 14:56:12.838 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.838 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST:
---------
GET /owa HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0
Host: webmail.domain.com
Surrogate-Capability: webmail.domain.com="Surrogate/1.0"
X-Forwarded-For: client-browser
Cache-Control: max-age=0
Connection: keep-alive
Front-End-Https: On


----------
2020/10/28 14:56:12.847 kid1| ctx: enter level  0: 'https://webmail.domain.com/owa'
2020/10/28 14:56:12.847 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.847 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0
Server: Microsoft-IIS/8.5
request-id: 8c3318c8-2eee-40bf-bfe0-dd94b20a5197
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 227

----------
2020/10/28 14:56:12.848 kid1| ctx: exit level  0
2020/10/28 14:56:12.848 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.848 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0
Server: Microsoft-IIS/8.5
request-id: 8c3318c8-2eee-40bf-bfe0-dd94b20a5197
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 227  
X-Cache: MISS from webmail.domain.com
X-Cache-Lookup: MISS from webmail.domain.com:443
Connection: keep-alive


----------
2020/10/28 14:56:12.861 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.861 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST:
---------
GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 HTTP/1.1
Host: webmail.domain.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0


----------
2020/10/28 14:56:12.862 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.862 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST:
---------
GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0 HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0
Host: webmail.domain.com
Surrogate-Capability: webmail.domain.com="Surrogate/1.0"
X-Forwarded-For: client-browser
Cache-Control: max-age=0
Connection: keep-alive
Front-End-Https: On


----------
2020/10/28 14:56:12.873 kid1| ctx: enter level  0: 'https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0'
2020/10/28 14:56:12.873 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.874 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: 076d002d-4d66-4bc7-93d2-0109bbb67892
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 27968

----------
2020/10/28 14:56:12.874 kid1| ctx: exit level  0
2020/10/28 14:56:12.874 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.874 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: 076d002d-4d66-4bc7-93d2-0109bbb67892
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 27968
X-Cache: MISS from webmail.domain.com
X-Cache-Lookup: MISS from webmail.domain.com:443
Connection: keep-alive


----------
2020/10/28 14:56:12.943 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.943 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST:
---------
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa HTTP/1.1
Host: webmail.domain.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0


----------
2020/10/28 14:56:12.944 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.944 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST:
---------
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.domain.com%2fowa&reason=0
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: cookieTest=1; logondata=acc=0&lgn=user; sm_spd_caution=0LCGM6rKJqGWF; PrivateComputer=true; PBack=0
Host: webmail.domain.com
Surrogate-Capability: webmail.domain.com="Surrogate/1.0"
X-Forwarded-For: client-browser
Cache-Control: max-age=259200
Connection: keep-alive
Front-End-Https: On


----------
2020/10/28 14:56:12.955 kid1| ctx: enter level  0: 'https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa'
2020/10/28 14:56:12.955 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:42139 remote=exchange:80 FD 17 flags=1
2020/10/28 14:56:12.955 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: 5b1807dd-0007-4d1e-8f5c-c6daf4d9dfa8
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 58778

----------
2020/10/28 14:56:12.955 kid1| ctx: exit level  0
2020/10/28 14:56:12.956 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:22884 FD 19 flags=1
2020/10/28 14:56:12.956 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: 5b1807dd-0007-4d1e-8f5c-c6daf4d9dfa8
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 28 Oct 2020 03:56:17 GMT
Content-Length: 58778
X-Cache: MISS from webmail.domain.com
X-Cache-Lookup: MISS from webmail.domain.com:443
Connection: keep-alive



WORKING

----------
2020/10/28 12:01:23.527 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1
2020/10/28 12:01:23.527 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST:
---------
POST /owa/auth.owa HTTP/1.1
Host: webmail.domain.com
Connection: keep-alive
Content-Length: 143
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://webmail.domain.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0

----------
2020/10/28 12:01:23.549 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1
2020/10/28 12:01:23.549 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST:
---------
POST /owa/auth.owa HTTP/1.1
Content-Length: 143
Upgrade-Insecure-Requests: 1
Origin: https://webmail.domain.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0
Host: webmail.domain.com
Surrogate-Capability: webmail.domain.com="Surrogate/1.0"
X-Forwarded-For: client-browser
Cache-Control: max-age=0
Connection: keep-alive
Front-End-Https: On

----------
2020/10/28 12:01:23.649 kid1| ctx: enter level  0: 'https://webmail.domain.com/owa/auth.owa'
2020/10/28 12:01:23.649 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1
2020/10/28 12:01:23.650 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://webmail.domain.com/owa/
Server: Microsoft-IIS/8.5
request-id: 320cfc6b-e678-480e-8fa9-87126ee679d4
X-AspNet-Version: 4.0.30319
Set-Cookie: cadata=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataKey=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataIV=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataSig=<data>; path=/;SameSite=None; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 01:01:28 GMT
Content-Length: 152

----------
2020/10/28 12:01:23.651 kid1| ctx: exit level  0
2020/10/28 12:01:23.651 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1
2020/10/28 12:01:23.651 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://webmail.domain.com/owa/
Server: Microsoft-IIS/8.5
request-id: 320cfc6b-e678-480e-8fa9-87126ee679d4
X-AspNet-Version: 4.0.30319
Set-Cookie: cadata=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataKey=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataIV=<data>; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: cadataSig=<data>; path=/;SameSite=None; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 01:01:28 GMT
Content-Length: 152
X-Cache: MISS from webmail.domain.com
X-Cache-Lookup: MISS from webmail.domain.com:443
Connection: keep-alive

----------
2020/10/28 12:01:23.750 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1
2020/10/28 12:01:23.750 kid1| 11,2| client_side.cc(1310) parseHttpRequest: HTTP Client REQUEST:
---------
GET /owa/ HTTP/1.1
Host: webmail.domain.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0; cadata=<data>; cadataTTL=<data>; cadataKey=<data>; cadataIV=<data>; cadataSig=<data>

----------
2020/10/28 12:01:23.751 kid1| 11,2| http.cc(2263) sendRequest: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1
2020/10/28 12:01:23.751 kid1| 11,2| http.cc(2264) sendRequest: HTTP Server REQUEST:
---------
GET /owa/ HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://webmail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.domain.com%2fowa%2f
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: sm_spd_caution=qPZGM6JTJHMDM; PrivateComputer=true; PBack=0; cadata=<data>; cadataTTL=<data>; cadataKey=<data>; cadataIV=<data>; cadataSig=<data>
Host: webmail.domain.com
Surrogate-Capability: webmail.domain.com="Surrogate/1.0"
X-Forwarded-For: client-browser
Cache-Control: max-age=0
Connection: keep-alive
Front-End-Https: On

----------
2020/10/28 12:01:23.896 kid1| ctx: enter level  0: 'https://webmail.domain.com/owa/'
2020/10/28 12:01:23.896 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=squid-internal:62597 remote=exchange:443 FD 30 flags=1
2020/10/28 12:01:23.896 kid1| 11,2| http.cc(723) processReplyHeader: HTTP Server RESPONSE:
---------
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: ea651da4-e232-4990-995e-72e015c573fb
X-CalculatedBETarget: exchange.domain.com
X-Content-Type-Options: nosniff
X-OWA-Version: 15.1.1979.3
X-OWA-OWSVersion: V2017_08_18
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-OWA-DiagnosticsInfo: 46;15;7
X-BackEnd-Begin: 2020-10-28T12:01:28.905
X-BackEnd-End: 2020-10-28T12:01:28.952
X-DiagInfo: exchange
X-BEServer: exchange
X-UA-Compatible: IE=EmulateIE7
X-AspNet-Version: 4.0.30319
Set-Cookie: ClientId=567C1AE2155A441B9B9135F021DE8E49; expires=Thu, 28-Oct-2021 01:01:28 GMT; path=/; secure
Set-Cookie: UC=5caf337600204e1aa6add4af567d64ba; path=/; secure; HttpOnly
Set-Cookie: X-OWA-CANARY=ALo_AnoqYkOZD3FVdSCHPoDMmQDdetgI1eFx8F31UnwyEefwAxmPCeDfu7qodXti7-KYJeZb_Ts.; path=/; secure
Set-Cookie: X-BackEndCookie=<data>; expires=Fri, 27-Nov-2020 01:01:28 GMT; path=/owa; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 01:01:28 GMT 

----------
2020/10/28 12:01:23.897 kid1| ctx: exit level  0
2020/10/28 12:01:23.897 kid1| 11,2| Stream.cc(266) sendStartOfMessage: HTTP Client local=squid-external:443 remote=client-browser:2600 FD 24 flags=1
2020/10/28 12:01:23.897 kid1| 11,2| Stream.cc(267) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
request-id: ea651da4-e232-4990-995e-72e015c573fb
X-CalculatedBETarget: exchange.domain.com
X-Content-Type-Options: nosniff
X-OWA-Version: 15.1.1979.3
X-OWA-OWSVersion: V2017_08_18
X-OWA-MinimumSupportedOWSVersion: V2_6
X-Frame-Options: SAMEORIGIN
X-OWA-DiagnosticsInfo: 46;15;7
X-BackEnd-Begin: 2020-10-28T12:01:28.905
X-BackEnd-End: 2020-10-28T12:01:28.952
X-DiagInfo: exchange
X-BEServer: exchange
X-UA-Compatible: IE=EmulateIE7
X-AspNet-Version: 4.0.30319
Set-Cookie: ClientId=567C1AE2155A441B9B9135F021DE8E49; expires=Thu, 28-Oct-2021 01:01:28 GMT; path=/; secure
Set-Cookie: UC=5caf337600204e1aa6add4af567d64ba; path=/; secure; HttpOnly
Set-Cookie: X-OWA-CANARY=ALo_AnoqYkOZD3FVdSCHPoDMmQDdetgI1eFx8F31UnwyEefwAxmPCeDfu7qodXti7-KYJeZb_Ts.; path=/; secure
Set-Cookie: X-BackEndCookie=<data>; expires=Fri, 27-Nov-2020 01:01:28 GMT; path=/owa; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: exchange
Date: Wed, 28 Oct 2020 01:01:28 GMT
X-Cache: MISS from webmail.domain.com
X-Cache-Lookup: MISS from webmail.domain.com:443
Transfer-Encoding: chunked
Connection: keep-alive
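
Added example (not part of the original post, and not Squid or Exchange code): a Python sketch of the header check and rewrite that the ICAP experiment mentioned above would perform on replies from the HTTP/80 peer. Chrome 80 and later reject a cookie that declares SameSite=None without Secure, which matches the cadata cookies in the NOT WORKING trace. The function names and the sample reply are constructed for illustration.

```python
"""Audit and repair Set-Cookie headers on an SSL-offloaded reply (added example)."""

# Constructed sample modelled on the NOT WORKING back-end reply. The third
# cookie already carries "secure" to show that correct cookies are left alone.
OFFLOADED_REPLY = (
    "HTTP/1.1 302 Found\r\n"
    "Cache-Control: private\r\n"
    "Location: https://webmail.domain.com/owa\r\n"
    "Set-Cookie: cadata=<data>; path=/;SameSite=None; HttpOnly\r\n"
    "Set-Cookie: cadataTTL=<data>; path=/;SameSite=None; HttpOnly\r\n"
    "Set-Cookie: cadataKey=<data>; path=/;SameSite=None; secure; HttpOnly\r\n"
    "X-FEServer: exchange\r\n"
)


def _cookie_value(line):
    """Return the value of a Set-Cookie header line, or None for other lines."""
    name, sep, value = line.partition(":")
    if sep and name.strip().lower() == "set-cookie":
        return value.strip()
    return None


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def needs_secure(attrs):
    """True when the cookie declares SameSite=None but has no Secure attribute."""
    return attrs.get("samesite", "").lower() == "none" and "secure" not in attrs


def audit(raw_headers):
    """List the names of cookies a Chromium-based browser would refuse to store."""
    flagged = []
    for line in raw_headers.splitlines():
        value = _cookie_value(line)
        if value is not None:
            name, attrs = parse_set_cookie(value)
            if needs_secure(attrs):
                flagged.append(name)
    return flagged


def add_secure(raw_headers, client_side_https):
    """Append '; Secure' to flagged cookies, preserving every other line as-is.

    The rewrite is only valid when the browser-facing listener is HTTPS;
    a Secure cookie sent over plain HTTP would be dropped by the browser.
    """
    if not client_side_https:
        return raw_headers
    out = []
    for line in raw_headers.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        ending = line[len(body):]
        value = _cookie_value(body)
        if value is not None and needs_secure(parse_set_cookie(value)[1]):
            body += "; Secure"
        out.append(body + ending)
    return "".join(out)


if __name__ == "__main__":
    print("rejected before rewrite:", audit(OFFLOADED_REPLY))
    fixed = add_secure(OFFLOADED_REPLY, client_side_https=True)
    print("rejected after rewrite: ", audit(fixed))
    print(fixed)
```

Running `audit` over both traces gives a quick way to confirm that the only cookie difference between the port 80 and port 443 peers is the missing attribute.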

