mod_proxy 1.3.26 vs. 2.0.42 - reverse p. conf. - IE5/6
am 01.10.2002 17:54:35 von i.tit would be very interesting if somebody could sheld some light due to the
differences for the below described proxy reverse configuration - why
proxying with 2.0.42 for IE5/6 succeeds and for 1.3.26 NOT. Finally auth will
fail for IE5/6 being proxied by 1.3.26
Using Mozilla, Netscape, lynx etc. works also with 1.3.26.
OWA clients will connect through IE to their Exchange webmail what should be
reverse proxied.
Here is the relevant configuration part:
# cat http.webmail.gactr.uga.edu.inc
Listen 10.10.10.99:80
ServerName webmail.gactr.uga.edu
UseCanonicalName On
CustomLog /tmp/transfer.log combined
ErrorLog /tmp/error.log
#SetEnv force-proxy-request-1.0
#SetEnv proxy-nokeepalive
##SetEnv nokeepalive
#SetEnv downgrade-1.0
#SetEnv force-response-1.0
#SetEnv redirect-carefully
##SetEnv force-no-vary
Redirect / http://webmail.gactr.uga.edu/exchange/
ProxyRequests Off
ProxyVia Full
#ProxyRemote * http://webmail.gactr.uga.edu
ProxyPass /exchange/ http://webmail.gactr.uga.edu/exchange/
ProxyPassReverse /exchange/ http://webmail.gactr.uga.edu/exchange/
ProxyPass /public/ http://webmail.gactr.uga.edu/public/
ProxyPassReverse /public/ http://webmail.gactr.uga.edu/public/
ProxyPass /ex2k/ http://webmail.gactr.uga.edu/ex2k/
ProxyPassReverse /ex2k/ http://webmail.gactr.uga.edu/ex2k/
ProxyPass /exchweb/ http://webmail.gactr.uga.edu/exchweb/
ProxyPassReverse /exchweb/ http://webmail.gactr.uga.edu/exchweb/
#RewriteEngine On
#RewriteRule ^/(.*) http://webmail.gactr.uga.edu/$1 [P]
I've not removed the comments since there was some trial and error :-
1) successful (2.0.42) proxy
# wget --server-response webmail.gactr.uga.edu
--10:01:24-- http://webmail.gactr.uga.edu/
=> `index.html.3'
Resolving webmail.gactr.uga.edu... done.
Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected.
HTTP request sent, awaiting response...
1 HTTP/1.1 302 Found
2 Date: Tue, 01 Oct 2002 14:01:24 GMT
3 Server: Apache/2.0.42 (Unix)
4 Location: http://webmail.gactr.uga.edu/exchange/
5 Content-Length: 302
6 Keep-Alive: timeout=15, max=100
7 Connection: Keep-Alive
8 Content-Type: text/html; charset=iso-8859-1
Location: http://webmail.gactr.uga.edu/exchange/ [following]
--10:01:24-- http://webmail.gactr.uga.edu/exchange/
=> `index.html.3'
Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected.
HTTP request sent, awaiting response...
1 HTTP/1.1 401 Access Denied
2 Date: Tue, 01 Oct 2002 14:01:24 GMT
3 Server: Microsoft-IIS/5.0
4 WWW-Authenticate: Negotiate
5 WWW-Authenticate: NTLM
6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu"
7 Content-Type: text/html; charset=ISO-8859-1
8 Via: 1.0 webmail.gactr.uga.edu (Apache/2.0.42)
9 Content-Length: 24
10 Connection: close
Unknown authentication scheme.
2) failed (1.3.26) proxy
# wget --server-response webmail.gactr.uga.edu
--13:13:54-- http://webmail.gactr.uga.edu/
=> `index.html'
Resolving webmail.gactr.uga.edu... done.
Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected.
HTTP request sent, awaiting response...
1 HTTP/1.1 302 Found
2 Date: Mon, 30 Sep 2002 17:13:54 GMT
3 Server: Apache/1.3.26 (Unix) mod_mp3/0.35 PHP/4.2.3 mod_perl/1.27
mod_ssl/2.8.10 OpenSSL/0.9.6g
4 Location: http://webmail.gactr.uga.edu/exchange/
5 Connection: close
6 Content-Type: text/html; charset=iso-8859-1
Location: http://webmail.gactr.uga.edu/exchange/ [following]
--13:13:54-- http://webmail.gactr.uga.edu/exchange/
=> `index.html'
Connecting to webmail.gactr.uga.edu[10.10.10.99]:80... connected.
HTTP request sent, awaiting response...
1 HTTP/1.1 401 Access Denied
2 Date: Mon, 30 Sep 2002 17:13:54 GMT
3 Server: Microsoft-IIS/5.0
4 WWW-Authenticate: Negotiate
5 WWW-Authenticate: NTLM
6 WWW-Authenticate: Basic realm="webmail.gactr.uga.edu"
7 Content-Length: 24
8 Content-Type: text/html
9 Via: 1.1 webmail.gactr.uga.edu (Apache/1.3.26)
10 X-Cache: MISS from webmail.gactr.uga.edu
11 Keep-Alive: timeout=15, max=100
12 Connection: Keep-Alive
Unknown authentication scheme.
The Admin of the EDU-site wants to stay with 1.3.26 since auth_ldap and php is
used, and setting up a reverse 2.0.42 proxy would be a little overkill.
Is there anything apparent what we may have overseen?
Thanks very much for any answer
i.t
--
. ___
| | Irmund Thum
| |