Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 2210 invoked from network); 18 Sep 2003 20:24:10 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 18 Sep 2003 20:24:10 -0000 Received: (qmail 18354 invoked by uid 500); 18 Sep 2003 20:23:39 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 18318 invoked by uid 500); 18 Sep 2003 20:23:38 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 18195 invoked from network); 18 Sep 2003 20:23:37 -0000 Received: from unknown (HELO sccimhc02.asp.att.net) (63.240.76.164) by daedalus.apache.org with SMTP; 18 Sep 2003 20:23:37 -0000 Received: from palin. (12-218-106-230.client.mchsi.com[12.218.106.230]) by sccimhc02.asp.att.net (sccimhc02) with SMTP id <20030918202342im200qr5mue> (Authid: emullerlpc@mchsi.com); Thu, 18 Sep 2003 20:23:42 +0000 From: Edward Muller Reply-To: edwardam@interlix.com To: users@httpd.apache.org In-Reply-To: <1063910791.20992.47.camel@palin.> References: <1063910791.20992.47.camel@palin.> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-0lybH3jOz1hnKcXDYw0E" Organization: Edward Muller Message-Id: <1063916617.20992.69.camel@palin.> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.4 Date: Thu, 18 Sep 2003 15:23:38 -0500 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Exchange 2K OWA w/IE clients X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N --=-0lybH3jOz1hnKcXDYw0E Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Figured it out: The problem was not with my rules, but with IIS. I needed to not only enable Basic Authentication (which was done when we disabled Integrated Windows Authentication) but also specify a default domain for /exchange (which was already done I think) and also /public and /exchweb. This allows the authentication to work for those urls as well. Anyway ... Here are the rules we are using so everyone else doesn't need to do it the other way: #EXCHANGE #The ProxyPreserceHost needs to be done in the serverconfig or virtual host only, won't work in a LocationMatch ProxyPreserveHost On RequestHeader set Front-End-Https on ProxyPass /exchange http://172.19.2.10/exchange ProxyPassReverse /exchange http://172.19.2.10/exchange ProxyPass /exchweb http://172.19.2.10/exchweb ProxyPassReverse /exchweb http://172.19.2.10/exchweb ProxyPass /public http://172.19.2.10/public ProxyPassReverse /public http://172.19.2.10/public #/EXCHANGE replace the 172.19.2.10 IP address with the IP address of your exchange server. You should then be able to access OWA via https:///exchange Public folders and all work. On Thu, 2003-09-18 at 13:46, Edward Muller wrote: > A client of ours recently (last weekend) migrated to Exchange 2K, from > Exchange 5.5. >=20 > Before the migration apache proxied Exchange 5.5's OWA just fine with a > simple rewrite rule. >=20 > After the upgrade it didn't work. So we did a little research and came > up with the following directive set that works for NON-IE clients (i.e. > it works fine with Mozilla/FireBird, Opera seems to have the same > problem as IE though regardless of Identify string): >=20 > ProxyPreserveHost On > RequestHeader set front-end-https: on > ProxyPass /exchange http://172.19.2.10/exchange > ProxyPassReverse /exchange http://172.19.2.10/exchange > ProxyPass /exchweb http://172.19.2.10/exchweb > ProxyPassReverse /exchweb http://172.19.2.10/exchweb > ProxyPass /public http://172.19.2.10/public > ProxyPassReverse /public http://172.19.2.10/public >=20 > The 172.19.2.10 IP is their exchange server sitting on a private subnet > behind the firewall. >=20 > The HTML passed to IE/Opera is different than the HTML passes to > Mozilla/Firebird. The HTML itself loads okay (with a single > authentication check), but I seem to get an authentication check for > each that is being loaded in the IE page. I took a look at the > HTML and the 's src is all withing the Proxied space so it's a > little confusing.. For instance... >=20 > One of the images is https:///exchweb/img/tool-move.gif, > which should just be proxied without problems AFAICT. >=20 > Even if I put in the proper credentials for each img the img still > doesn't load. >=20 > Oh, and we did turn off windows integrated authentication as well. >=20 > Has anyone run into this? Does anyone know what we are doing wrong? >=20 > Thanks, --=20 Edward Muller - http://www.interlix.com - "Open Source Specialists" Dedicated Zope Hosting - Web Hosting - Open Source Consulting Network & PC Service & Support - Custom Programming Phone: 417-862-0573 - Cell: 417-844-2435 - Fax: 417-862-0572 Jabber: edwardam@jabber.interlix.com - AIM: edwardam453 - ICQ: 287033 --=-0lybH3jOz1hnKcXDYw0E Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA/ahRJ9mQI3ghpenkRAoMdAJ9P1Al9CwFe4UjBd4Z9UlixXCCpywCgqU4+ uSWTn0ihK80Yx0+mnKyCFXI= =iZeV -----END PGP SIGNATURE----- --=-0lybH3jOz1hnKcXDYw0E--