httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Saunders Jack" <>
Subject RE: [users@httpd] Exchange 2K OWA w/IE clients
Date Thu, 18 Sep 2003 19:07:01 GMT
The OWA front-end server sends (embedded) hard links, based on the OWA front-end hostname:<standard-port>,
to the end-user through the Apache/reverse proxy.
	Use the same hostname for both the public- and backend- access point. That means, if the
 public entry point has the name "" then the hostname of the OWA backend server
must be named "" as well.

·	on the OWA front-end server,
create a VirtualHost named
·	on the reverse proxy,
in the VirtualHost add the following proxy rules:
ProxyPass /owa
ProxyPassReverse /owa
ProxyPass /exchweb
ProxyPassReverse /exchweb

in /etc/hosts on the Apache/RP enter the line

The OWA environment isn't aware of SSL if that is handled by another box
	To make the OWA environment understand that another box between itself and the end-user is
doing the SSL thing, a custom HTTP-HEADER must be sent to the OWA front-end server. This way
the embedded hard links sent to the end-user will be referenced as https://... .

<LocationMatch "/(owa|exchweb)">
  RequestHeader set Front-End-Https on

This is how we setup our environment and it works great!  

-----Original Message-----
From: Edward Muller []
Sent: Thursday, September 18, 2003 2:47 PM
Subject: [users@httpd] Exchange 2K OWA w/IE clients

A client of ours recently (last weekend) migrated to Exchange 2K, from
Exchange 5.5.

Before the migration apache proxied Exchange 5.5's OWA just fine with a
simple rewrite rule.

After the upgrade it didn't work. So we did a little research and came
up with the following directive set that works for NON-IE clients (i.e.
it works fine with Mozilla/FireBird, Opera seems to have the same
problem as IE though regardless of Identify string):

ProxyPreserveHost On
RequestHeader set front-end-https: on
ProxyPass /exchange
ProxyPassReverse /exchange
ProxyPass /exchweb
ProxyPassReverse /exchweb
ProxyPass /public
ProxyPassReverse /public

The IP is their exchange server sitting on a private subnet
behind the firewall.

The HTML passed to IE/Opera is different than the HTML passes to
Mozilla/Firebird. The HTML itself loads okay (with a single
authentication check), but I seem to get an authentication check for
each <img/> that is being loaded in the IE page. I took a look at the
HTML and the <img/>'s src is all withing the Proxied space so it's a
little confusing.. For instance...

One of the images is https://<webserver>/exchweb/img/tool-move.gif,
which should just be proxied without problems AFAICT.

Even if I put in the proper credentials for each img the img still
doesn't load.

Oh, and we did turn off windows integrated authentication as well.

Has anyone run into this? Does anyone know what we are doing wrong?


Edward Muller - - "Open Source Specialists"
Dedicated Zope Hosting - Web Hosting - Open Source Consulting
Network & PC Service & Support - Custom Programming
Phone: 417-862-0573 - Cell: 417-844-2435 - Fax: 417-862-0572
Jabber: - AIM: edwardam453 - ICQ: 287033

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message