httpd-users mailing list archives

From Edward Muller <edwar...@interlix.com>
Subject RE: [users@httpd] Exchange 2K OWA w/IE clients
Date Thu, 18 Sep 2003 19:38:12 GMT
This way:
RequestHeader set Front-End-Https on
RewriteCond %{REQUEST_URI} ^/exchange
RewriteRule ^/exchange(.*) http://mail.<domain>/exchange/$1 [L,P]
RewriteCond %{REQUEST_URI} ^/exchweb
RewriteRule ^/exchweb(.*) http://mail.<domain>/exchweb/$1 [L,P]
RewriteCond %{REQUEST_URI} ^/public
RewriteRule ^/public(.*) http://mail.<domain>/public/$1 [L,P]

works fine, but we get two logins (one from going to www.<domain>, then
one for mail.<domain>) and an SSL mismatch box because the SSL cert
doesn't match the host name (it was purchased for www.<domain>, not
mail.<domain>)

I still don't understand why my initial rules work in Mozilla 100%, but
don't work in IE.

On Thu, 2003-09-18 at 14:16, Edward Muller wrote:
> The ProxyPreserveHost On Directive seems to take that all into account
> and fixes it. The HTML produced contains the correct host names.
> 
> And yes, I am using the RequestHeader.
> 
> My client does not want a virtual host, they want to map it into
> existing URL space for historical reasons.
> 
> P.S. We had a setup like this in an earlier test with the IP changes and
> there were still problems with IE (if I am remembering correctly).
> 
> On Thu, 2003-09-18 at 14:07, Saunders Jack wrote:
> > The OWA front-end server sends (embedded) hard links, based on the OWA front-end
> > hostname:<standard-port>, to the end-user through the Apache/reverse proxy.
> > Use the same hostname for both the public- and backend- access point. That means,
> > if the public entry point has the name "owa.webmail.com" then the hostname of the OWA backend
> > server must be named "owa.webmail.com" as well.
> > 
> > ·	on the OWA front-end server,
> > create a VirtualHost named owa.webmail.com
> > ·	on the reverse proxy,
> > in the VirtualHost owa.webmail.com add the following proxy rules:
> > ProxyPass /owa http://owa.webmail.com/owa
> > ProxyPassReverse /owa http://owa.webmail.com/owa
> > ProxyPass /exchweb http://owa.webmail.com/exchweb
> > ProxyPassReverse /exchweb http://owa.webmail.com/exchweb
> > 
> > in /etc/hosts on the Apache/RP enter the line
> > yourpublicipaddress  owa.webmail.com 
> > 
> > The OWA environment isn't aware of SSL if that is handled by another box
> > To make the OWA environment understand that another box between itself and the
> > end-user is doing the SSL thing, a custom HTTP-HEADER must be sent to the OWA front-end server.
> > This way the embedded hard links sent to the end-user will be referenced as https://... .
> > 
> > <LocationMatch "/(owa|exchweb)">
> >   RequestHeader set Front-End-Https on
> > </LocationMatch> 
> > 
> > This is how we set up our environment and it works great!
> > 
> > 
> > -----Original Message-----
> > From: Edward Muller [mailto:edwardam@interlix.com]
> > Sent: Thursday, September 18, 2003 2:47 PM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Exchange 2K OWA w/IE clients
> > 
> > 
> > A client of ours recently (last weekend) migrated to Exchange 2K, from
> > Exchange 5.5.
> > 
> > Before the migration apache proxied Exchange 5.5's OWA just fine with a
> > simple rewrite rule.
> > 
> > After the upgrade it didn't work. So we did a little research and came
> > up with the following directive set that works for NON-IE clients (i.e.
> > it works fine with Mozilla/FireBird, Opera seems to have the same
> > problem as IE though regardless of Identify string):
> > 
> > ProxyPreserveHost On
> > RequestHeader set front-end-https: on
> > ProxyPass /exchange http://172.19.2.10/exchange
> > ProxyPassReverse /exchange http://172.19.2.10/exchange
> > ProxyPass /exchweb http://172.19.2.10/exchweb
> > ProxyPassReverse /exchweb http://172.19.2.10/exchweb
> > ProxyPass /public http://172.19.2.10/public
> > ProxyPassReverse /public http://172.19.2.10/public
> > 
> > The 172.19.2.10 IP is their exchange server sitting on a private subnet
> > behind the firewall.
> > 
> > The HTML passed to IE/Opera is different than the HTML passed to
> > Mozilla/Firebird. The HTML itself loads okay (with a single
> > authentication check), but I seem to get an authentication check for
> > each <img/> that is being loaded in the IE page. I took a look at the
> > HTML and the <img/>'s src is all within the Proxied space so it's a
> > little confusing. For instance...
> > 
> > One of the images is https://<webserver>/exchweb/img/tool-move.gif,
> > which should just be proxied without problems AFAICT.
> > 
> > Even if I put in the proper credentials for each img the img still
> > doesn't load.
> > 
> > Oh, and we did turn off windows integrated authentication as well.
> > 
> > Has anyone run into this? Does anyone know what we are doing wrong?
> > 
> > Thanks,
-- 
Edward Muller - http://www.interlix.com - "Open Source Specialists"
Dedicated Zope Hosting - Web Hosting - Open Source Consulting
Network & PC Service & Support - Custom Programming
Phone: 417-862-0573 - Cell: 417-844-2435 - Fax: 417-862-0572
Jabber: edwardam@jabber.interlix.com - AIM: edwardam453 - ICQ: 287033
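
An added example, not part of the original thread: a Python check that can be run over a page fetched through the reverse proxy to list embedded links that would not come back through it over HTTPS, which is the behaviour the Front-End-Https header and hostname advice above are meant to correct. The host names www.example.test and mail.example.test and the sample HTML are constructed placeholders; the three path prefixes are the ones proxied in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Paths the proxy rules in the thread forward to the Exchange server.
PROXIED = ("/exchange", "/exchweb", "/public")
URL_ATTRS = {"href", "src", "action", "background"}

class LinkAudit(HTMLParser):
    """Collect embedded URLs that would not return through the HTTPS proxy."""
    def __init__(self, public_host):
        super().__init__()
        self.public_host = public_host.lower()
        self.findings = []  # (tag, url, reason)

    def handle_starttag(self, tag, attrs):
        for name, url in attrs:
            if name not in URL_ATTRS or not url:
                continue
            parts = urlsplit(url)
            if parts.netloc:
                if (parts.hostname or "").lower() != self.public_host:
                    reason = "host bypasses proxy"
                elif parts.scheme not in ("", "https"):
                    reason = "not https"
                elif not parts.path.startswith(PROXIED):
                    reason = "path not proxied"
                else:
                    continue
            elif url.startswith("/") and not url.startswith(PROXIED):
                reason = "path not proxied"
            else:
                continue  # relative or proxied path, mailto:, javascript:
            self.findings.append((tag, url, reason))

def audit(html, public_host):
    parser = LinkAudit(public_host)
    parser.feed(html)
    return parser.findings

# Constructed sample of what a proxied OWA page might contain.
SAMPLE = """
<img src="https://www.example.test/exchweb/img/tool-move.gif"/>
<img src="http://www.example.test/exchweb/img/logo.gif"/>
<a href="https://mail.example.test/exchange/user/Inbox/">Inbox</a>
<a href="/exchange/user/Calendar/">Calendar</a>
<form action="/other/logon"></form>
"""
if __name__ == "__main__":
    for tag, url, reason in audit(SAMPLE, "www.example.test"):
        print(f"{reason:20} <{tag}> {url}")
```

Any "not https" or "host bypasses proxy" finding means the browser will make a request the front-end certificate and login do not cover, so it is worth checking the output for each browser's User-Agent.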
