[users@httpd] OWA access over SSL reverse proxy

Hi all,

I know there are various threads on this subject (I have been reading
them all for weeks).  I have nearly cracked this and was wondering if
anyone here knew the answer to my problem.

The situation is as follows:

We have an Exchange 2000 server sitting nice and safe inside our
firewall with no external email access via any protocol.  My boss asked
if I could allow Outlook Web Access from the outside, so, knowing the
security issues with this I thought "I'll just route it over an
encrypting proxy".

That was 2 weeks ago and I still can't get the damn thing to work for
all users!  It works, but only for users with admin privileges.  Other
users just get endlessly repeating login prompts.

Before you all shout - "that's an Exchange / IIS issue and your proxy is
working", I'll add that internally (i.e. not through the proxy) OWA works
for all users.  So something is not getting properly proxied...

I am sure this is a *feature* of OWA to prevent people using this kind
of setup, but I just thought I would throw it out there to see if anyone
had come across this particular issue.

I include my proxy virtual host setup (note all the commented out
attempts at different config):
------------------------------------------------------------------

NameVirtualHost 1.1.1.1
<VirtualHost 1.1.1.1>
        ServerAdmin webmaster@xxxxxxxxxxxx
        ServerName webmail.nodomain.com

        DocumentRoot /var/www/

        RequestHeader set Front-End-Https "On"
        Header unset "WWW-Authenticate: NTLM"
        Header add WWW-Authenticate "Basic realm=mymailserver.nodomain.com"

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/myproxyserver.cert.cert
        SSLCertificateKeyFile /etc/apache2/ssl/myproxyserver.cert.key

        # Set up this thing as a proxy for mymailserver's OWA
        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        <Location /exchange>
                ProxyPass http://mymailserver.nodomain.com/exchange
                ProxyPassReverse http://mymailserver.nodomain.com/exchange
#               SSLRequireSSL
        </Location>
        <Location /exchweb>
                ProxyPass http://mymailserver.nodomain.com/exchweb
                ProxyPassReverse http://mymailserver.nodomain.com/exchweb
#               SSLRequireSSL
        </Location>
        <Location /public>
                ProxyPass http://mymailserver.nodomain.com/public
                ProxyPassReverse http://mymailserver.nodomain.com/public
#               SSLRequireSSL
        </Location>

#       ProxyPass / http://mymailserver/Exchange/
#       ProxyPassReverse / http://mymailserver/Exchange/

#       SetEnv force-proxy-request-1.0 1
#       SetEnv proxy-nokeepalive 1

#       ProxyPass /Exchange/ http://mymailserver.nodomain.com/Exchange/
#       ProxyPassReverse /Exchange/ http://mymailserver.nodomain.com/Exchange/

#       ProxyPass /exchweb/ http://mymailserver.nodomain.com/exchweb/
#       ProxyPassReverse /exchweb/ http://mymailserver.nodomain.com/exchweb/

#       ProxyPass /public/ http://mymailserver.nodomain.com/public/
#       ProxyPassReverse /public/ http://mymailserver.nodomain.com/public/

        <Directory /var/www/>
                Order allow,deny
                allow from all
                RedirectMatch ^/$ /exchange
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

</VirtualHost>
------------------------------------------------------------------

I have also been fiddling with all the IIS / Exchange directory
permissions and authentication settings - leaving them as wide open as
possible, but it doesn't seem to have any effect!

Thanks in advance,
Dan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.