In effort to build up a reverse proxy for Exchange 2000, I've determined:
1) using 1.3.26 or 1.3.28dev (CVS from a few minutes ago) a. IE clients fail IIS's auth challenge b. if those clients are sent first through squid, auth succeeds. c. mozilla, netscape 4x, clients succeed.
here are the http header responses from 1.3.26 and 1.3.28dev: # wget --server-response webmail.gactr.uga.edu --13:13:54-- http://webmail.gactr.uga.edu/ => `index.html' Resolving webmail.gactr.uga.edu... done. Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 302 Found 2 Date: Mon, 30 Sep 2002 17:13:54 GMT 3 Server: Apache/1.3.26 (Unix) mod_mp3/0.35 PHP/4.2.3 mod_perl/1.27 mod_ssl/2.8.10 OpenSSL/0.9.6g 4 Location: http://webmail.gactr.uga.edu/exchange/ 5 Connection: close 6 Content-Type: text/html; charset=iso-8859-1 Location: http://webmail.gactr.uga.edu/exchange/ [following] --13:13:54-- http://webmail.gactr.uga.edu/exchange/ => `index.html' Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 401 Access Denied 2 Date: Mon, 30 Sep 2002 17:13:54 GMT 3 Server: Microsoft-IIS/5.0 4 WWW-Authenticate: Negotiate 5 WWW-Authenticate: NTLM 6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu" 7 Content-Length: 24 8 Content-Type: text/html 9 Via: 1.1 webmail.gactr.uga.edu (Apache/1.3.26) 10 X-Cache: MISS from webmail.gactr.uga.edu 11 Keep-Alive: timeout=15, max=100 12 Connection: Keep-Alive Unknown authentication scheme.
# wget --server-response webmail.gactr.uga.edu --15:36:10-- http://webmail.gactr.uga.edu/ => `index.html.3' Resolving webmail.gactr.uga.edu... done. Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 302 Found 2 Date: Wed, 02 Oct 2002 19:36:10 GMT 3 Server: Apache/1.3.28-dev (Unix) 4 Location: http://webmail.gactr.uga.edu/exchange/ 5 Connection: close 6 Content-Type: text/html; charset=iso-8859-1 Location: http://webmail.gactr.uga.edu/exchange/ [following] --15:36:10-- http://webmail.gactr.uga.edu/exchange/ => `index.html.3' Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 401 Access Denied 2 Date: Wed, 02 Oct 2002 19:36:10 GMT 3 Server: Microsoft-IIS/5.0 4 WWW-Authenticate: Negotiate 5 WWW-Authenticate: NTLM 6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu" 7 Content-Length: 24 8 Content-Type: text/html 9 Via: 1.1 webmail.gactr.uga.edu (Apache/1.3.28-dev) 10 X-Cache: MISS from webmail.gactr.uga.edu 11 Keep-Alive: timeout=15, max=100 12 Connection: Keep-Alive Unknown authentication scheme.
2) using 2.0.42 the proxy works properly. here are its http headers: # wget --server-response webmail.gactr.uga.edu --15:34:06-- http://webmail.gactr.uga.edu/ => `index.html.3' Resolving webmail.gactr.uga.edu... done. Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 302 Found 2 Date: Wed, 02 Oct 2002 19:34:06 GMT 3 Server: Apache/2.0.42 (Unix) 4 Location: http://webmail.gactr.uga.edu/exchange/ 5 Content-Length: 302 6 Keep-Alive: timeout=15, max=100 7 Connection: Keep-Alive 8 Content-Type: text/html; charset=iso-8859-1 Location: http://webmail.gactr.uga.edu/exchange/ [following] --15:34:06-- http://webmail.gactr.uga.edu/exchange/ => `index.html.3' Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 401 Access Denied 2 Date: Wed, 02 Oct 2002 19:34:06 GMT 3 Server: Microsoft-IIS/5.0 4 WWW-Authenticate: Negotiate 5 WWW-Authenticate: NTLM 6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu" 7 Content-Type: text/html; charset=ISO-8859-1 8 Via: 1.0 webmail.gactr.uga.edu (Apache/2.0.42) 9 Content-Length: 24 10 Connection: close Unknown authentication scheme.
Below in the vhost config I've been using to test this. As it seems to me that the glaring difference between the 1.3.x proxy and the 2.0.x proxy is the http 1.1 vs http 1.0 (also why IE clients will work with the 1.3.x proxy when first sent through squid). I thus attempted to play with the variables (commented out in the below config) for the 1.3.x proxy. They produced no different results (as if the variables were ignored).
I am hoping to implement this reverse proxy (behind SSL also) by 01 January and would very much like to have a 1.3.x solution as the platform in question is FreeBSD; and PHP and auth_ldap modules will be required. Thanks very much in advance.
I will gladly attempt to elaborate more if necessary.
# cat http.webmail.gactr.uga.edu.inc Listen 10.10.10.99:80 <VirtualHost 10.10.10.99:80> ServerName webmail.gactr.uga.edu UseCanonicalName On CustomLog /tmp/transfer.log combined ErrorLog /tmp/error.log
#SetEnv force-proxy-request-1.0
#SetEnv proxy-nokeepalive
##SetEnv nokeepalive
#SetEnv downgrade-1.0
#SetEnv force-response-1.0
#SetEnv redirect-carefully
##SetEnv force-no-varyRedirect / http://webmail.gactr.uga.edu/exchange/ ProxyRequests Off ProxyVia Full #ProxyRemote * http://webmail.gactr.uga.edu ProxyPass /exchange/ http://webmail.gactr.uga.edu/exchange/ ProxyPassReverse /exchange/ http://webmail.gactr.uga.edu/exchange/ ProxyPass /public/ http://webmail.gactr.uga.edu/public/ ProxyPassReverse /public/ http://webmail.gactr.uga.edu/public/ ProxyPass /ex2k/ http://webmail.gactr.uga.edu/ex2k/ ProxyPassReverse /ex2k/ http://webmail.gactr.uga.edu/ex2k/ ProxyPass /exchweb/ http://webmail.gactr.uga.edu/exchweb/ ProxyPassReverse /exchweb/ http://webmail.gactr.uga.edu/exchweb/
</VirtualHost>
-- ---------------------------------------- Robin P. Blanchard Systems Integration Specialist Georgia Center for Continuing Education fon: 706.542.2404 <|> fax: 706.542.6546 ----------------------------------------
