Actually, we use squid and OpenBSD for just that purpose, and I don't recall
falling into the issue with the absolute URLs, though. It might be because
squid is rewriting the URLs on their way through - it's been a year since we
set it up and we haven't had to touch it since.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> From: Ken Cornetet [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, September 17, 2003 5:30 PM
> To: Exchange Discussions
> Subject: RE: OWA front end server - licensing and security
> 
> 
> We use a Network Appliance NetCache in the DMZ as a reverse proxy & SSL
> front end. Internet OWA users hit the NetCache with HTTPS, and the
> NetCache decrypts and forwards HTTP to a front-end server. Works great,
> but was a little pricey.
> 
> Also, because OWA likes to send out absolute URLs, there is a widget you
> have to install in IIS on the front-end server that makes it change the
> outputted URLs from "http:" to "https:". This has the side effect of
> making that front-end server unusable from inside traffic. Come to think
> of it, I guess you could add another OWA virtual site and not install
> the widget on it. Untested.
> 
> If the NetCache is too pricey for you, and you've got someone with Unix
> experience, you can do much the same thing with squid on Linux or BSD.
> 
> 
> 
> -----Original Message-----
> From: Erick Thompson [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, September 16, 2003 6:05 PM
> To: Exchange Discussions
> Subject: OWA front end server - licensing and security
> 
> 
> I'm setting up OWA in my organization, and I have two choices. I can set
> up Exchange on the web server (in the DMZ), and specify it as a front
> end server, or I can open port 80 to the primary Exchange server. From a
> security standpoint, I really like the first option, but I'm thinking
> that I need a second Exchange Enterprise license. Am I correct in this?
> 
> Am I being too paranoid about opening port 80 through to the internal
> Exchange server? I've never liked the idea of raw traffic entering my
> LAN....
> 
> Thanks,
> Erick
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
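
The "http:" to "https:" rewrite discussed in the thread above, sketched as an added example; it is not part of the original messages and is not the IIS widget, NetCache or squid code. The host name, the function names and the `via_tls_proxy` flag are assumptions, and the sample response is constructed.

```python
import re

# Hypothetical names throughout: PUBLIC_HOST, rewrite_response and the
# via_tls_proxy flag are assumptions made for this sketch.
PUBLIC_HOST = "owa.example.com"  # constructed host name

# Constructed sample: a redirect plus a page body with absolute URLs.
SAMPLE_HEADERS = {"Location": "http://owa.example.com/exchange/",
                  "Content-Type": "text/html"}
SAMPLE_BODY = ('<a href="http://owa.example.com/exchange/inbox">Inbox</a> '
               '<a href="http://www.example.org/help">Help</a>')


def _abs_url_pattern(host):
    # Match http://host (optionally :80) only when the authority ends there,
    # so look-alike hosts and other ports are left alone.
    return re.compile(
        r"http://" + re.escape(host) + r"(?::80)?(?=[/?#\"'\s>]|$)",
        re.IGNORECASE,
    )


def rewrite_response(headers, body, host=PUBLIC_HOST, via_tls_proxy=True):
    """Return (headers, body) with absolute http:// URLs for `host` made https://.

    Only URLs pointing at `host` are changed; links to other sites stay as is.
    With via_tls_proxy=False (an inside client speaking plain HTTP) nothing is
    rewritten, so the same server stays usable for inside traffic.
    """
    if not via_tls_proxy:
        return dict(headers), body
    pat = _abs_url_pattern(host)
    repl = "https://" + host
    new_body = pat.sub(repl, body)
    out = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname in ("location", "content-location"):
            value = pat.sub(repl, value)
        elif lname == "content-length":
            # Each rewritten URL grows by one byte; assumes a UTF-8 body.
            value = str(len(new_body.encode("utf-8")))
        out[name] = value
    return out, new_body
```
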

