Hi, I am writing to the mod_proxy list to ask a question. I am sorry if this has been brought up before and addressed. I figure it probably has not since it has not been available in the Apache distribution since 1.3.19 when I started using it.
What I am referring to is a patch a gentleman made for mod_proxy that allows header manipulation. Kwin Kramer is his name. The environment I work in we do not use commercial reverse proxy servers. We use entirely Apache and mod_securid to shield all of the wimpy IIS servers half our software REQUIRES to run on to be web enabled. I helped them web enable several applications over a period of time, 2 of which were Lotus iNotes for retrieving email and I-Manage, which is a document manager. Our users cannot use any web application until AFTER they have authenticated with their SecurID token. Problem came in when someone above me says, OK we are moving to Outlook, No more Lotus Notes.. so after they setup some beta boxes and got OWA (Outlook Web Access) running they asked me to setup some reverse proxy rules to pass OWA for clients. So with the help of another Co-worker we tried to get OWA working with mod_proxy and Apache. We could never get it 100%. (We do SSL to the Apache box, then non-ssl from the reverse proxy to the OWA box internally) After my co-worker figured out what was going on he stumbled onto the web site I linked to above. http://allafrica.com/tools/apache/mod_proxy/ There actually was a link if I remember correctly in MS knowledge base on OWA communication. There, a guy wrote a very handy patch that after adding one line we got OWA working 100% in our environment. The line winds up being: ProxyRequestHeader set Front-End-Https On Now you will have to forgive me if there is an easier way to accomplish this, we scoured the newsgroups and the ONLY other solution we found short of dropping Apache and using some other product was using a hacked mod_proxy_add_forward.c. I could not find anyone that actually accomplished this though. I found allot of unanswered questions in regards to OWA and Apache. (1.3.x) If their is another way to do this please let me know. And if this is even applicable to 2.x Now after this last weekend I had to upgrade all our reverse proxy servers because of the exploit floating around that effected pre 1.3.26 loads. To my dismay, the patch for 1.3.19 did not apply to 1.3.26. I was stuck, if I kept running the older version we were open to attack.. I thought of trying to match up the diffs on the patch files to figure out exactly what was going on to see if I could do something myself.. Instead, I emailed Kwin and got a very prompt response. He came up with new patched for 1.3.26 within a couple days which was really great! My question is, is there not some value with his patches he has made? Enough of a value to be added into the distribution? And does 2.x even need it? I have yet to look into running 2.x, I first have to find out if it supports our SecurID module and test it before I even think of that. I am sure there are applications to come that we will have to rely on this to get the app to be web enabled and play nice for a client. It would be really nice if this functionality was built in. And extra patches were not necessary. Now I am not the Apache expert, so I have no idea if what we were trying to accomplish above could have been pulled off with a bunch of complicated re-write rules or something else so please don't flame me to death if this is the case. Sorry for the long message and thanks for everyone's time that read this. Brian =========================================================== Important: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. ===========================================================
