httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Tomlinson <...@azuro.com>
Subject [users@httpd] OWA access over SSL reverse proxy
Date Fri, 10 Jun 2005 17:38:14 GMT
Hi all,

I know there are various threads on this subject (I have been reading
them all for weeks).  I have nearly cracked this and was wondering if
anyone here knew the answer to my problem.

The situation is as follows:

We have an Exchange 2000 server sitting nice and safe inside our
firewall with no external email access via any protocol.  My boss asked
if I could allow Outlook Web Access from the outside, so, knowing the
security issues with this I thought "I'll just route it over an
encrypting proxy".

That was 2 weeks ago and I still can't get the damn thing to work for
all users!  It works, but only for users with admin privialages.  Other
users just get endlessly repeating login prompts. 

Before you all shout - "thats an Exchange / IIS issue and your proxy is
working", I'll add that internally (ie: not through the proxy) OWA works
for all users.  So something is not getting properly proxied...

I am sure this is a *feature* of OWA to prevent people using this kind
of setup, but I just thought I would throw it out there to see if anyone
had come across this particular issue.

I include my proxy virtual host setup (note all the commented out
attempts at different config):
------------------------------------------------------------------

NameVirtualHost 1.1.1.1
<VirtualHost 1.1.1.1>
        ServerAdmin webmaster@nodomain.com
        ServerName webmail.nodomain.com

        DocumentRoot /var/www/

        RequestHeader set Front-End-Https "On"
        Header unset "WWW-Authenticate: NTLM"
        Header add WWW-Authenticate "Basic realm=mymailserver.nodomain.com"

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/myproxyserver.cert.cert
        SSLCertificateKeyFile /etc/apache2/ssl/myproxyserver.cert.key

        # Set up this thing as a proxy for mymailserver's OWA
        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /exchange>
                ProxyPass http://mymailserver.nodomain.com/exchange
                ProxyPassReverse http://mymailserver.nodomain.com/exchange
#               SSLRequireSSL
        </Location>
        <Location /exchweb>
                ProxyPass http://mymailserver.nodomain.com/exchweb
                ProxyPassReverse http://mymailserver.nodomain.com/exchweb
#               SSLRequireSSL
        </Location>
        <Location /public>
                ProxyPass http://mymailserver.nodomain.com/public
                ProxyPassReverse http://mymailserver.nodomain.com/public
#               SSLRequireSSL
        </Location>

#       ProxyPass / http://mymailserver/Exchange/
#       ProxyPassReverse / http://mymailserver/Exchange/

#       SetEnv force-proxy-request-1.0 1
#       SetEnv proxy-nokeepalive 1

#       ProxyPass /Exchange/ http://mymailserver.nodomain.com/Exchange/
#       ProxyPassReverse /Exchange/
http://mymailserver.nodomain.com/Exchange/

#       ProxyPass /exchweb/ http://mymailserver.nodomain.com/exchweb/
#       ProxyPassReverse /exchweb/ http://mymailserver.nodomain.com/exchweb/

#       ProxyPass /public/ http://mymailserver.nodomain.com/public/
#       ProxyPassReverse /public/ http://mymailserver.nodomain.com/public/

        <Directory /var/www/>
                Order allow,deny
                allow from all
                RedirectMatch ^/$ /exchange
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

</VirtualHost>
------------------------------------------------------------------

I have also been fiddling with all the IIS / Exchange directory
permissions and authentication settings - leaving them as wide open as
possible, but it doesn't seem to have any effect!

Thanks in advance,
Dan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message