Re: Apache reverse proxy x OWA authentication

[Robin P. Blanchard]

I finally got a reverse proxy to e2k via apache-1.3.2[6,7]. You need to 
install mod_proxy_add_forward with the following modification. On the 
IIS/OWA box, deselect "integrated windows auth". This allowsIE clients 
to auth through the apache1 proxy...

--- mod_proxy_add_forward-20020710.c    Tue Nov  5 14:22:06 2002
+++ mod_proxy_add_forward-ssl.c Tue Nov  5 14:25:26 2002
@@ -185,6 +185,8 @@
         ap_table_set(r->headers_in, "X-Server-Hostname",
                      r->server->server_hostname);
+       /* turn on front-end-https headed, so OWA will put HTTPS into 
urls */
+       ap_table_set(r->headers_in, "front-end-https","on");

        return OK;
     }

Fabiano Felix wrote:
Hello ,
I have success in reverse proxy to OWA/Exch2K with Apache2, but I have 
another problem: in some parts of OWA (specifically in pages that they 
require NTFS authentication), I receive the following message:
   Unknow authentication method.

I have too a https backend...
I search but I didnt find any solution, someone has some idea  ???
With best regards,
Fabiano
i.t wrote:
We are having a similar problem and haven't solved it yet. I believe 
that
the backend OWA server needs to have the original Host: header 
requested by
the browser passed through. There's a proxy directive in Apache 2 called
ProxyPreserveHost which sounds like it might do just that.

http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#proxypreservehost
There's also a tech. note on Microsoft's web site that mentions that an
HTTP header may have to be set, but it isn't clear whether this is 
required
or not.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307347
We tried to get end-to-end SSL working with reverse proxy and ran into
problems with Apache 1.3.26 (haven't tried with Apache 2 yet). Our 
backend
https connection must pass through a regular Apache 1.3.26 proxy (not a
reverse proxy) and this doesn't appear to be implemented. The 
ProxyRemote
method seems to malfunction for backend SSL connections. A direct (no
intermediary proxy) https backend connection does appear to work.
  

what we have experienced with OWA-Clients and Exchange is:
to avoid problems with IE5/6 you have to use Squid (with extensions 
methods) or Apache 2.0.4x
we have even tested 1.3.28dev (beg. Oct);
1.3.24 works with basic auth, but you have to add dav support getting 
the client to work with the inbox and other webmail functionality

Regards
 



--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------