Outlook Web Access behind Reverse proxy

Outlook Web Access behind Reverse proxy

am 01.12.2003 10:43:03 von Haim Marko

We are using Apache server as reverse proxy solution for user access from
the internet to internal web

sites within the internal lan. We want to set access to OWA 2003 from the
internet while the OWA server
is located in the internal LAN.

User in the internet -> https://owa.domain.com/ ->
http://owainternal.internaldomain.com/exchange/

On the apache's httpd.conf I have the folowing configuration:



ServerName owa.domain.com

ProxyPass / http://owainternal.internaldomain.com/exchange/

ProxyPassReverse / http://owainternal.internaldomain.com/exchange/



In the 1st page I'm getting contains the following tag:



Meaning that all relative links on the page will be changed to point to the
internal server

which is not accessible from the internet. Setting up the same name for both
external and
internal servers doesn't solve the problem because the BASE href points to
http and not https.

Is there a way to search and replace pages going back to the user (like
mod_rewrite in the
opposite Direction) ? Or other solution ?

10x

Best Regards,
Haim Marko, ITI Comverse

RE: Outlook Web Access behind Reverse proxy

am 01.12.2003 11:56:06 von FLombardo

No, your configuration is incorrect!!!

Please read my stupid paper at =
http://www.connectionreset.it/homepage/documenti/Apache2-OWA .txt


Lombardo Federico, Network Administrator & IT Security Manager=20
Tel. +396.47841.362 =20
Grandi Stazioni S.p.A.=20
Via G. Giolitti 34=20
00189 Roma=20
Italy=20

-----Original Message-----
From: Haim Marko [mailto:marcos75@yahoo.com]=20
Sent: luned=EC 1 dicembre 2003 10.43
To: modproxy-dev@apache.org
Subject: Outlook Web Access behind Reverse proxy

We are using Apache server as reverse proxy solution for user access =
from
the internet to internal web

sites within the internal lan. We want to set access to OWA 2003 from =
the
internet while the OWA server
is located in the internal LAN.

User in the internet -> https://owa.domain.com/ ->
http://owainternal.internaldomain.com/exchange/

On the apache's httpd.conf I have the folowing configuration:



ServerName owa.domain.com

ProxyPass / http://owainternal.internaldomain.com/exchange/

ProxyPassReverse / http://owainternal.internaldomain.com/exchange/



In the 1st page I'm getting contains the following tag:



Meaning that all relative links on the page will be changed to point to =
the
internal server

which is not accessible from the internet. Setting up the same name for =
both
external and
internal servers doesn't solve the problem because the BASE href points =
to
http and not https.

Is there a way to search and replace pages going back to the user (like
mod_rewrite in the
opposite Direction) ? Or other solution ?

10x

Best Regards,
Haim Marko, ITI Comverse

Re: Outlook Web Access behind Reverse proxy

am 01.12.2003 13:58:23 von Cahya Wirawan

I don't use owa, but I have similar configration for https.
in my case we use internal dns and external dns, so I can
use the same hostname in internal and external dns but for different
ip address. in internal dns, the hostname point to the real webserver
and in external dns it points to reverse proxy (revproxy use internal
dns).
so for owa connection , my configuration would look like:
User in the internet -> https://owa.mydomain.com/ ->
https://owa.mydomain.com/


ServerName owa.mydomain.com
SSLProxyEngine on
ProxyPass / https://owa.mydomain.com/
ProxyPassReverse / https://owa.mydomain.com/



ServerName owa.mydomain.com
RewriteRule ^/(.*) https://owa.mydomain.com/$1


the virtual host on port 80 is needed to redirect any http connection
to https in case the real webserver sent a url with http like
in your case with .

cahya.

On Mon, Dec 01, 2003 at 11:43:03AM +0200, Haim Marko wrote:
> User in the internet -> https://owa.domain.com/ ->
> http://owainternal.internaldomain.com/exchange/
>
> On the apache's httpd.conf I have the folowing configuration:
>
>
>
> ServerName owa.domain.com
>
> ProxyPass / http://owainternal.internaldomain.com/exchange/
>
> ProxyPassReverse / http://owainternal.internaldomain.com/exchange/
>
>
>
> In the 1st page I'm getting contains the following tag:
>
>
>
> Meaning that all relative links on the page will be changed to point to the
> internal server
>
> which is not accessible from the internet. Setting up the same name for both
> external and
> internal servers doesn't solve the problem because the BASE href points to
> http and not https.
>
> Is there a way to search and replace pages going back to the user (like
> mod_rewrite in the
> opposite Direction) ? Or other solution ?
>
> 10x
>
> Best Regards,
> Haim Marko, ITI Comverse
>
>
>
>

Re: Outlook Web Access behind Reverse proxy

am 01.12.2003 14:29:05 von Marko Haim

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3B80E.CE596988
Content-Type: text/plain

I can't implement https->https proxing because I ame using apache server
version 1.
I can't upgrade it now since it is part of Checkpoint's Product called User
Authority Web Access Proxy
That gives me SSO (Single Sign ON) and AAA features.


"Lombardo, Federico" wrote in message
news:...
No, your configuration is incorrect!!!

Please read my stupid paper at
http://www.connectionreset.it/homepage/documenti/Apache2-OWA .txt


Lombardo Federico, Network Administrator & IT Security Manager
Tel. +396.47841.362
Grandi Stazioni S.p.A.
Via G. Giolitti 34
00189 Roma
Italy

-----Original Message-----
From: Haim Marko [mailto:marcos75@yahoo.com]
Sent: luned? 1 dicembre 2003 10.43
To: modproxy-dev@apache.org
Subject: Outlook Web Access behind Reverse proxy

We are using Apache server as reverse proxy solution for user access from
the internet to internal web

sites within the internal lan. We want to set access to OWA 2003 from the
internet while the OWA server is located in the internal LAN.

User in the internet -> https://owa.domain.com/ ->
http://owainternal.internaldomain.com/exchange/

On the apache's httpd.conf I have the folowing configuration:



ServerName owa.domain.com

ProxyPass / http://owainternal.internaldomain.com/exchange/

ProxyPassReverse / http://owainternal.internaldomain.com/exchange/



In the 1st page I'm getting contains the following tag:



Meaning that all relative links on the page will be changed to point to the
internal server

which is not accessible from the internet. Setting up the same name for both
external and internal servers doesn't solve the problem because the BASE
href points to http and not https.

Is there a way to search and replace pages going back to the user (like
mod_rewrite in the opposite Direction) ? Or other solution ?

10x

Best Regards,
Haim Marko, ITI Comverse







----------

------_=_NextPart_001_01C3B80E.CE596988
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable




charset=3Dus-ascii">
5.5.2655.35">
Re: Outlook Web Access behind Reverse proxy



I can't implement https->https proxing because I =
ame using apache server version 1.

I can't upgrade it now since it is part of =
Checkpoint's Product called User Authority Web Access Proxy

That gives me SSO (Single Sign ON) and AAA features. =





"Lombardo, Federico" =
<FLombardo@grandistazioni.it> wrote in message =
news:<DF71F1B1D60BD5118D2C0004AC538C651156F9@db_srv.gstazioni.it >.=
...



No, your configuration is incorrect!!!



Please read my stupid paper at HREF=3D"http://www.connectionreset.it/homepage/documenti/Apa che2-OWA.txt=
" =
TARGET=3D"_blank">http://www.connectionreset.it/homepage/doc umenti/Apach=
e2-OWA.txt





Lombardo Federico, Network Administrator & IT =
Security Manager

Tel. +396.47841.362 

Grandi Stazioni S.p.A.

Via G. Giolitti 34

00189 Roma

Italy



-----Original Message-----

From: Haim Marko [ HREF=3D"mailto:marcos75@yahoo.com">mailto:marcos75@yahoo.com] =


Sent: luned? 1 dicembre 2003 10.43

To: modproxy-dev@apache.org

Subject: Outlook Web Access behind Reverse =
proxy



We are using Apache server as reverse proxy solution =
for user access from the internet to internal web



sites within the internal lan. We want to set access =
to OWA 2003 from the internet while the OWA server is located in the =
internal LAN.



User in the internet -> HREF=3D"https://owa.domain.com/" =
TARGET=3D"_blank">https://owa.domain.com/ -> HREF=3D"http://owainternal.internaldomain.com/exchange/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/ ONT>



On the apache's httpd.conf I have the folowing =
configuration:



<VirtualHost *:443>



ServerName owa.domain.com



ProxyPass / HREF=3D"http://owainternal.internaldomain.com/exchange/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/ ONT>



ProxyPassReverse / HREF=3D"http://owainternal.internaldomain.com/exchange/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/ ONT>



</VirtualHost>



In the 1st page I'm getting contains the following =
tag:



<BASE href=3D" HREF=3D"http://owainternal.internaldomain.com/exchange/Usern ame/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/Usernam=
e/">



Meaning that all relative links on the page will be =
changed to point to the internal server



which is not accessible from the internet. Setting up =
the same name for both external and internal servers doesn't solve the =
problem because the BASE href points to http and not https.



Is there a way to search and replace pages going back =
to the user (like mod_rewrite in the opposite Direction) ? Or other =
solution ?



10x



Best Regards,

Haim Marko, ITI Comverse















----------





------_=_NextPart_001_01C3B80E.CE596988--

Re: Outlook Web Access behind Reverse proxy

am 01.12.2003 16:47:56 von Graham Leggett

Marko Haim wrote:

> I can't implement https->https proxing because I ame using apache server
> version 1.
> I can't upgrade it now since it is part of Checkpoint's Product called
> User Authority Web Access Proxy
> That gives me SSO (Single Sign ON) and AAA features.

> In the 1st page I'm getting contains the following tag:
>
>

Your best bet is to find out in the MS Exchange docs how to change this
tag so that either the base tag is removed, or the base tag refers to
the "internet" version of the URL.

Another bit of advice - keep it simple - make sure that the inside and
outside networks _both_ go through the reverse proxy - this saves you a
tonne of headaches and ugly configuration. It also means your laptop
people who are sometime inside, and sometimes outside, do not have to
jump through any hoops to reach the website.

Regards,
Graham
--

Re: Outlook Web Access behind Reverse proxy

am 02.12.2003 08:26:20 von Marko Haim

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3B8A5.4DD484D6
Content-Type: text/plain


Does ne1 succeeded doing OWA https->http proxing with apache 1.x ?


"Graham Leggett" wrote in message
news:<3FCB62AC.5040204@sharp.fm>...
> Marko Haim wrote:
>
> > I can't implement https->https proxing because I ame using apache
> > server
> > version 1.
> > I can't upgrade it now since it is part of Checkpoint's Product called
> > User Authority Web Access Proxy
> > That gives me SSO (Single Sign ON) and AAA features.
>
> > In the 1st page I'm getting contains the following tag:
> >
> > > > href="http://owainternal.internaldomain.com/exchange/Usernam e/">
>
> Your best bet is to find out in the MS Exchange docs how to change
> this
> tag so that either the base tag is removed, or the base tag refers to
> the "internet" version of the URL.
>
> Another bit of advice - keep it simple - make sure that the inside and
> outside networks _both_ go through the reverse proxy - this saves you a
> tonne of headaches and ugly configuration. It also means your laptop
> people who are sometime inside, and sometimes outside, do not have to
> jump through any hoops to reach the website.
>
> Regards,
> Graham
> --
>
>

------_=_NextPart_001_01C3B8A5.4DD484D6
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable




charset=3Dus-ascii">
5.5.2655.35">
Re: Outlook Web Access behind Reverse proxy





Does ne1 succeeded doing OWA https->http proxing =
with apache 1.x ?





"Graham Leggett" <minfrin@sharp.fm> =
wrote in message news:<3FCB62AC.5040204@sharp.fm>...

> Marko Haim wrote:

>

> > I can't implement https->https proxing =
because I ame using apache

> > server

> > version 1.

> > I can't upgrade it now since it is part of =
Checkpoint's Product called

> > User Authority Web Access Proxy

> > That gives me SSO (Single Sign ON) and AAA =
features.

>

> > In the 1st page I'm getting contains the =
following tag:

> >

> > <BASE

> > href=3D" HREF=3D"http://owainternal.internaldomain.com/exchange/Usern ame/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/Usernam=
e/">

>

> Your best bet is to find out in the MS Exchange =
docs how to change

> this

> tag so that either the base tag is removed, or =
the base tag refers to

> the "internet" version of the =
URL.

>

> Another bit of advice - keep it simple - make =
sure that the inside and

> outside networks _both_ go through the reverse =
proxy - this saves you a

> tonne of headaches and ugly configuration. It =
also means your laptop

> people who are sometime inside, and sometimes =
outside, do not have to

> jump through any hoops to reach the =
website.

>

> Regards,

> Graham

> --

>

>





------_=_NextPart_001_01C3B8A5.4DD484D6--