Fw: Apache2 Proxy and Domino Http Server Webmail Redirect

Fw: Apache2 Proxy and Domino Http Server Webmail Redirect

am 07.01.2005 17:12:23 von scott.pichelman

This is a multipart message in MIME format.
--=_alternative 0059064186256F82_=
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi,

I have been trying to get apache's modproxy(ProxyPass/Reverse) or even
Modrewrite(RewriteCond/Rules) to work properly with Domino's
WebmailRedirect.nsf file.

Here is a Notes forum Post that hopefully explains the problem I am having
in a nutshell:
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/17=
5d0edd0639071485256e5c000915d4=3FOpenDocument

An explaination of my scenario below:
All behind our Firewall - PIX515:

User(Internet) --> FW --> Apache2 WebServer(DMZ) --> Domino Http
Server(COMM-different network)

Starting from the backend first...
The domino Web server is running on port 81 and it's Home URL is "
/DominoWe.nsf". ( I believe this file has code or references the Webmail
redirect db/code)
We are using an IBM/Lotus supplied Domino Webmail "redirect" called
"WebAccessRedirect650.ntf".
If I use the Domino webserver address & port to access webmail it works
fine.
A single sign-on and we are redirected to our mail file without any
problems.(The redirect takes the info given with username/pwd from
names.nsf and any other files & directs the browser to the mail/*.nsf and
loads up webmail interface/template)

However, it's get's more complex as you know when we add Apache2 and its
Reverse Proxy into the mix.
I have tried using modrewrite w/ rewriterules and I get the same result. (
I tried your method and many others as well)

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite.log"
RewriteLogLevel 2
RewriteCond %{REQUEST=5FURI} ^/
RewriteRule /(.*) http://203.57.228.7:81/$1 [P]

And with a Pound Proxy added to the configuration, just these two Proxy
directives worked for me!

ProxyPass / http://203.57.228.7:81/
ProxyPassReverse / http://203.57.228.7:81/

The IP's listed above are of course the backend Domino Server.
So, as you can see I didn't need modrewrite w/ rewriterules or
rewriteconditions.
The reason why is because a used another reverse proxy called "Pound".
URL located below:
http://www.apsis.ch/pound/

Then, for the above ProxyPass/Reverse directives I had the IP and port of
the Pound Proxy and the Pound Proxy had the values of the Domino server:

Apache:
ProxyPass / https://webmail.weirslurry.com:8080/
ProxyPassReverse / http://webmail.weirslurry.com:8080/

Pound:
ListenHTTPS 66.170.10.6,8080
BackEnd 203.57.228.7,81,1

Another rudimentary diagram below:
User(Internet) --> FW --> Apache Web Server/Proxy & Pound Proxy on same
machine(DMZ - behind FW) --> Domino Http Server(COMM-another different
network behind FW)

So, somehow the addition of the Pound Proxy helped the Http
headers/URI/URL's,etc understand teh DominoWEbmailRedirect in Domino Http
so it would ask for our username and pwd "only" once and not reveal the IP
address of the backend Domino server after serving up the webmail
redirect!=3F!
I know it sounds strange, but it works.

In conclusion, my issue is with the Domino Redirect.
If I could write home-grown html, php, perl, jsp or =3F script/code with my=

own "redirect" I would think that apache would behave better=3F
I found some examples of creating a work-around or a homegrown solution in
the Notes forums where others have had the same problem but the
explanations & answers weren't clear for me.
Here are some examples:
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/87=
423972d7b74bca85256dec0059a08d=3FOpenDocument
http://www.notestips.com/80256B3A007F2692/1/NAMO5RX3PX
None of which seem to work for me!=3F!

And this last one I would like to try but haven't given it any thought or
know how to start w/ Lotus forms/agents...
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/df=
d6abb19c3c699585256e5f00334932=3FOpenDocument

Should I be using vhosts and then add some rewriterules together in order
to remedy my problem=3F

If you are still confused I can allow you access the Domino Web server
Webmail front-end I am working on from the net.
I appreciate any feedback, thanks!

Regards,

Scott Pichelman
Systems Administrator
Weir Slurry TM
North America
2701 S Stoughton Rd
Madison WI 53716 USA

T: +001 608 226 5615
F: +001 608 221 5807
M: +001 608 346 2784
E: scott.pichelman@weirslurry.com
W: http://weirslurry.com


The information contained in this email (including any attachments) is confi=
dential, subject to copyright and for the use of the intended recipient only=
.. If you are not the intended recipient please delete this message after not=
ifying the sender. Unauthorised retention, alteration or distribution of thi=
s email is forbidden and may be actionable.

Attachments are opened at your own risk and you are advised to scan incoming=
email for viruses before opening any attached files. We give no guarantee t=
hat any communication is virus-free and accept no responsibility for virus c=
ontamination or other system loss or damage of any kind.

--=_alternative 0059064186256F82_=
Content-Type: text/html; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable



Hi,



I have been trying to get apache's mo=
dproxy(ProxyPass/Reverse)
or even Modrewrite(RewriteCond/Rules) to work properly with Domino's Webmail=
Redirect.nsf
file.




Here is a Notes forum Post that hopef=
ully
explains the problem I am having in a nutshell:


http://www-10.lotus.com/ldd/nd6forum.=
nsf/55c38d716d632d9b8525689b005ba1c0/175d0edd0639071485256e5 c000915d4=3FOpen=
Document




An explaination of my scenario below:=


All behind our Firewall - PIX515: nt>



        User(Inte=
rnet)
--> FW --> Apache2 WebServer(DMZ) --> Domino Http Server(COMM-diffe=
rent
network)




Starting from the backend first... ont>

The domino Web server is running on
 port 81 and it's Home URL is "
serif">/DominoWe.nsf".
( I believe this file has code or references the Webmail redirect db/code) font>

We are using an IBM/Lotus supplied Do=
mino
Webmail "redirect" called "WebAccessRedirect650.ntf". ont>

If I use the Domino webserver address=

& port to access webmail it works fine.


A single sign-on and we are redirecte=
d
to our mail file without any problems.(The redirect takes the info given
with username/pwd from names.nsf and any other files & directs the
browser to the mail/*.nsf and loads up webmail interface/template)




However, it's get's more complex as
you know when we add Apache2 and its Reverse Proxy into the mix.


I have tried using modrewrite w/ rewr=
iterules
and I get the same result. ( I tried your method and many others as well) ont>



RewriteEngine on

RewriteLog "/var/log/httpd/rewri=
te.log"


RewriteLogLevel 2

RewriteCond %{REQUEST=5FURI} ^/ >

RewriteRule /(.*) http://203.57.228.7=
:81/$1
[P]




And with a Pound Proxy added to the
configuration, just these two Proxy directives worked for me!




ProxyPass / http://203.57.228.7:81/ font>

ProxyPassReverse / http://203.57.228.=
7:81/




The IP's listed above are of course
the backend Domino Server.


So, as you can see I didn't need modr=
ewrite
w/ rewriterules or rewriteconditions.


The reason why is because a used anot=
her
reverse proxy called "Pound".


URL located below:

http://www.apsis.ch/pound/



Then, for the above ProxyPass/Reverse=

directives I had the IP and port of the Pound Proxy and the Pound Proxy
had the values of the Domino server:




Apache:

ProxyPass / https://webmail.weirslurr=
y.com:8080/


ProxyPassReverse / http://webmail.wei=
rslurry.com:8080/




Pound:

ListenHTTPS 66.170.10.6,8080

BackEnd 203.57.228.7,81,1



Another rudimentary  diagram bel=
ow:


User(Internet) --> FW --> Apach=
e
Web Server/Proxy & Pound Proxy on same machine(DMZ - behind FW) -->
Domino Http Server(COMM-another different network behind FW)




So, somehow the addition of the Pound=

Proxy helped the Http headers/URI/URL's,etc understand teh DominoWEbmailRedi=
rect
in Domino Http so it would ask for our username and pwd "only"
once and not reveal the IP address of the backend Domino server after servin=
g
up the webmail redirect!=3F!


I know it sounds strange, but it work=
s.




In conclusion, my issue is with the
Domino Redirect.


If I could write  home-grown htm=
l,
php, perl, jsp or =3F script/code with my own "redirect" I would
think that apache would behave better=3F


I found some examples of creating a
work-around or a homegrown solution in the Notes forums where others have
had the same problem but the explanations & answers weren't clear for
me.


Here are some examples:

http://www-10.lotus.com/ldd/nd6forum.=
nsf/55c38d716d632d9b8525689b005ba1c0/87423972d7b74bca85256de c0059a08d=3FOpen=
Document


http://www.notestips.com/80256B3A007F=
2692/1/NAMO5RX3PX


None of which seem to work for me!=3F=
!




And this last one I would like to try=

but haven't given it any thought or know how to start w/ Lotus forms/agents.=
...


http://www-10.lotus.com/ldd/nd6forum.=
nsf/55c38d716d632d9b8525689b005ba1c0/dfd6abb19c3c699585256e5 f00334932=3FOpen=
Document




Should I be using vhosts and then add=

some rewriterules together in order to remedy my problem=3F


 

If you are still confused I can allow=

you access the Domino Web server Webmail front-end I am working on from
the net.


I appreciate any feedback, thanks! ont>



Regards,



Scott Pichelman

Systems Administrator

Weir Slurry TM

North America

2701 S Stoughton Rd

Madison WI 53716  USA



T: +001 608 226 5615

F: +001 608 221 5807

M: +001 608 346 2784

E: scott.pichelman@weirslurry.com

W: http://weirslurry.com


size=3D3 color=3D#000000 >
000000 >The information contained in this email (including any attachments) =
is confidential, subject to copyright and for the use of the intended recipi=
ent only. If you are not the intended recipient please delete this message a=
fter notifying the sender. Unauthorised retention, alteration or distributio=
n of this email is forbidden and may be actionable.

Helv" size=3D3 color=3D#000000 >
r=3D#000000 >Attachments are opened at your own risk and you are advised to =
scan incoming email for viruses before opening any attached files. We give n=
o guarantee that any communication is virus-free and accept no responsibilit=
y for virus contamination or other system loss or damage of any kind.
=


--=_alternative 0059064186256F82_=--

Re: Fw: Apache2 Proxy and Domino Http Server Webmail Redirect

am 07.01.2005 19:21:20 von scott.pichelman

This is a multipart message in MIME format.
--=_alternative 0064D45086256F82_=
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi,

I found out that the Domino Webmailredirect was at fault!
If anyone ever configures this solution, remember to use the "fixed"
server setting instead of "dynamic", unless you have multiple servers with
your proxy!
Talked to IBM Lotus Support and they helped out...phew.
Sorry for any wasted thoughts on this post...

Regards,

Scott Pichelman
Systems Administrator
Weir Slurry TM
North America
2701 S Stoughton Rd
Madison WI 53716 USA

T: +001 608 226 5615
F: +001 608 221 5807
M: +001 608 346 2784
E: scott.pichelman@weirslurry.com
W: http://weirslurry.com



scott.pichelman@weirslurry.com
01/07/2005 10:12 AM
Please respond to
modproxy-dev@apache.org


To
modproxy-dev@apache.org
cc

Subject
Fw: Apache2 Proxy and Domino Http Server Webmail Redirect







Hi,

I have been trying to get apache's modproxy(ProxyPass/Reverse) or even
Modrewrite(RewriteCond/Rules) to work properly with Domino's
WebmailRedirect.nsf file.

Here is a Notes forum Post that hopefully explains the problem I am having
in a nutshell:
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/17=
5d0edd0639071485256e5c000915d4=3FOpenDocument


An explaination of my scenario below:
All behind our Firewall - PIX515:

User(Internet) --> FW --> Apache2 WebServer(DMZ) --> Domino Http
Server(COMM-different network)

Starting from the backend first...
The domino Web server is running on port 81 and it's Home URL is "
/DominoWe.nsf". ( I believe this file has code or references the Webmail
redirect db/code)
We are using an IBM/Lotus supplied Domino Webmail "redirect" called
"WebAccessRedirect650.ntf".
If I use the Domino webserver address & port to access webmail it works
fine.
A single sign-on and we are redirected to our mail file without any
problems.(The redirect takes the info given with username/pwd from
names.nsf and any other files & directs the browser to the mail/*.nsf and
loads up webmail interface/template)

However, it's get's more complex as you know when we add Apache2 and its
Reverse Proxy into the mix.
I have tried using modrewrite w/ rewriterules and I get the same result. (
I tried your method and many others as well)

RewriteEngine on
RewriteLog "/var/log/httpd/rewrite.log"
RewriteLogLevel 2
RewriteCond %{REQUEST=5FURI} ^/
RewriteRule /(.*) http://203.57.228.7:81/$1 [P]

And with a Pound Proxy added to the configuration, just these two Proxy
directives worked for me!

ProxyPass / http://203.57.228.7:81/
ProxyPassReverse / http://203.57.228.7:81/

The IP's listed above are of course the backend Domino Server.
So, as you can see I didn't need modrewrite w/ rewriterules or
rewriteconditions.
The reason why is because a used another reverse proxy called "Pound".
URL located below:
http://www.apsis.ch/pound/

Then, for the above ProxyPass/Reverse directives I had the IP and port of
the Pound Proxy and the Pound Proxy had the values of the Domino server:

Apache:
ProxyPass / https://webmail.weirslurry.com:8080/
ProxyPassReverse / http://webmail.weirslurry.com:8080/

Pound:
ListenHTTPS 66.170.10.6,8080
BackEnd 203.57.228.7,81,1

Another rudimentary diagram below:
User(Internet) --> FW --> Apache Web Server/Proxy & Pound Proxy on same
machine(DMZ - behind FW) --> Domino Http Server(COMM-another different
network behind FW)

So, somehow the addition of the Pound Proxy helped the Http
headers/URI/URL's,etc understand teh DominoWEbmailRedirect in Domino Http
so it would ask for our username and pwd "only" once and not reveal the IP
address of the backend Domino server after serving up the webmail
redirect!=3F!
I know it sounds strange, but it works.

In conclusion, my issue is with the Domino Redirect.
If I could write home-grown html, php, perl, jsp or =3F script/code with my=

own "redirect" I would think that apache would behave better=3F
I found some examples of creating a work-around or a homegrown solution in
the Notes forums where others have had the same problem but the
explanations & answers weren't clear for me.
Here are some examples:
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/87=
423972d7b74bca85256dec0059a08d=3FOpenDocument

http://www.notestips.com/80256B3A007F2692/1/NAMO5RX3PX
None of which seem to work for me!=3F!

And this last one I would like to try but haven't given it any thought or
know how to start w/ Lotus forms/agents...
http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/df=
d6abb19c3c699585256e5f00334932=3FOpenDocument


Should I be using vhosts and then add some rewriterules together in order
to remedy my problem=3F

If you are still confused I can allow you access the Domino Web server
Webmail front-end I am working on from the net.
I appreciate any feedback, thanks!

Regards,

Scott Pichelman
Systems Administrator
Weir Slurry TM
North America
2701 S Stoughton Rd
Madison WI 53716 USA

T: +001 608 226 5615
F: +001 608 221 5807
M: +001 608 346 2784
E: scott.pichelman@weirslurry.com
W: http://weirslurry.com

The information contained in this email (including any attachments) is
confidential, subject to copyright and for the use of the intended
recipient only. If you are not the intended recipient please delete this
message after notifying the sender. Unauthorised retention, alteration or
distribution of this email is forbidden and may be actionable.

Attachments are opened at your own risk and you are advised to scan
incoming email for viruses before opening any attached files. We give no
guarantee that any communication is virus-free and accept no
responsibility for virus contamination or other system loss or damage of
any kind.



The information contained in this email (including any attachments) is confi=
dential, subject to copyright and for the use of the intended recipient only=
.. If you are not the intended recipient please delete this message after not=
ifying the sender. Unauthorised retention, alteration or distribution of thi=
s email is forbidden and may be actionable.

Attachments are opened at your own risk and you are advised to scan incoming=
email for viruses before opening any attached files. We give no guarantee t=
hat any communication is virus-free and accept no responsibility for virus c=
ontamination or other system loss or damage of any kind.

--=_alternative 0064D45086256F82_=
Content-Type: text/html; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable



Hi,



I found out that the Domino Webmailre=
direct
was at fault!


If anyone ever configures this soluti=
on,
remember to use the "fixed" server setting instead of "dynami=
c",
unless you have multiple servers with your proxy!


Talked to IBM Lotus Support and they
helped out...phew.


Sorry for any wasted thoughts on this=

post...




Regards,



Scott Pichelman

Systems Administrator

Weir Slurry TM

North America

2701 S Stoughton Rd

Madison WI 53716  USA



T: +001 608 226 5615

F: +001 608 221 5807

M: +001 608 346 2784

E: scott.pichelman@weirslurry.com

W: http://weirslurry.com









scott.pichelman@weirsl=
urry.com


01/07/2005 10:12 AM




Please respond to
=

modproxy-dev@apache.org









To

modproxy-dev@apache.org

cc



Subject

Fw: Apache2 Proxy and Domino Http Ser=
ver
Webmail Redirect
















Hi,




I have been trying to get apache's modproxy(ProxyPass/Reverse) or even
Modrewrite(RewriteCond/Rules) to work properly with Domino's WebmailRedirect=
..nsf
file.




Here is a Notes forum Post that hopefully explains the problem I am having
in a nutshell:
f">

http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/17=
5d0edd0639071485256e5c000915d4=3FOpenDocument





An explaination of my scenario below:
e=3D2 face=3D"sans-serif">

All behind our Firewall - PIX515:




       User(Internet) --> FW --> Apache2 WebServe=
r(DMZ)
--> Domino Http Server(COMM-different network)

=



Starting from the backend first...
2 face=3D"sans-serif">

The domino Web server is running on  port 81 and it's Home URL is
"
/DominoWe.nsf ze=3D2 face=3D"sans-serif">".
( I believe this file has code or references the Webmail redirect db/code) font>


We are using an IBM/Lotus supplied Domino Webmail "redirect"
called "WebAccessRedirect650.ntf".
ont size=3D2 face=3D"sans-serif">

If I use the Domino webserver address & port to access webmail it works
fine.


A single sign-on and we are redirected to our mail file without any problems=
..(The
redirect takes the info given with username/pwd from names.nsf and any
other files & directs the browser to the mail/*.nsf and loads up webmail=

interface/template)




However, it's get's more complex as you know when we add Apache2 and its
Reverse Proxy into the mix.
=3D"sans-serif">

I have tried using modrewrite w/ rewriterules and I get the same result.
( I tried your method and many others as well)




RewriteEngine on
rif">

RewriteLog "/var/log/httpd/rewrite.log"
nt>

RewriteLogLevel 2
erif">

RewriteCond %{REQUEST=5FURI} ^/
face=3D"sans-serif">

RewriteRule /(.*) http://203.57.228.7:81/$1 [P]




And with a Pound Proxy added to the configuration, just these two Proxy
directives worked for me!




ProxyPass / http://203.57.228.7:81/
2 face=3D"sans-serif">

ProxyPassReverse / http://203.57.228.7:81/




The IP's listed above are of course the backend Domino Server.
ize=3D3>


So, as you can see I didn't need modrewrite w/ rewriterules or rewritecondit=
ions.



The reason why is because a used another reverse proxy called "Pound&qu=
ot;.



URL located below:
serif">

http://www.apsis.ch/pound/




Then, for the above ProxyPass/Reverse directives I had the IP and port
of the Pound Proxy and the Pound Proxy had the values of the Domino server:<=
/font>




Apache:

=

ProxyPass / https://webmail.weirslurry.com:8080/
t>

ProxyPassReverse / http://webmail.weirslurry.com:8080/
=





Pound:


ListenHTTPS 66.170.10.6,8080
e=3D"sans-serif">

BackEnd 203.57.228.7,81,1




Another rudimentary  diagram below:
size=3D2 face=3D"sans-serif">

User(Internet) --> FW --> Apache Web Server/Proxy & Pound Proxy
on same machine(DMZ - behind FW) --> Domino Http Server(COMM-another
different network behind FW)




So, somehow the addition of the Pound Proxy helped the Http headers/URI/URL'=
s,etc
understand teh DominoWEbmailRedirect in Domino Http so it would ask for
our username and pwd "only" once and not reveal the IP address
of the backend Domino server after serving up the webmail redirect!=3F! t>


I know it sounds strange, but it works.




In conclusion, my issue is with the Domino Redirect.



If I could write  home-grown html, php, perl, jsp or =3F script/code
with my own "redirect" I would think that apache would behave
better=3F
r>
I found some examples of creating a work-around or a homegrown solution
in the Notes forums where others have had the same problem but the explanati=
ons
& answers weren't clear for me.
2 face=3D"sans-serif">

Here are some examples:
sans-serif">

http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/87=
423972d7b74bca85256dec0059a08d=3FOpenDocument



http://www.notestips.com/80256B3A007F2692/1/NAMO5RX3PX
=



None of which seem to work for me!=3F!




And this last one I would like to try but haven't given it any thought
or know how to start w/ Lotus forms/agents...
<=
font size=3D2 face=3D"sans-serif">

http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b852 5689b005ba1c0/df=
d6abb19c3c699585256e5f00334932=3FOpenDocument





Should I be using vhosts and then add some rewriterules together in order
to remedy my problem=3F
sans-serif">

 

If you are still confused I can allow you access the Domino Web server
Webmail front-end I am working on from the net.
>

I appreciate any feedback, thanks!




Regards,




Scott Pichelman

Systems Administrator

Weir Slurry TM

North America

2701 S Stoughton Rd

Madison WI 53716  USA



T: +001 608 226 5615

F: +001 608 221 5807

M: +001 608 346 2784

E: scott.pichelman@weirslurry.com

W: http://weirslurry.com




The information contained in this email (including any attachments) is
confidential, subject to copyright and for the use of the intended recipient=

only. If you are not the intended recipient please delete this message
after notifying the sender. Unauthorised retention, alteration or distributi=
on
of this email is forbidden and may be actionable.



Attachments are opened at your own risk and you are advised to scan incoming=

email for viruses before opening any attached files. We give no guarantee
that any communication is virus-free and accept no responsibility for virus
contamination or other system loss or damage of any kind.




size=3D3 color=3D#000000 >
000000 >The information contained in this email (including any attachments) =
is confidential, subject to copyright and for the use of the intended recipi=
ent only. If you are not the intended recipient please delete this message a=
fter notifying the sender. Unauthorised retention, alteration or distributio=
n of this email is forbidden and may be actionable.

Helv" size=3D3 color=3D#000000 >
r=3D#000000 >Attachments are opened at your own risk and you are advised to =
scan incoming email for viruses before opening any attached files. We give n=
o guarantee that any communication is virus-free and accept no responsibilit=
y for virus contamination or other system loss or damage of any kind.
=


--=_alternative 0064D45086256F82_=--