secure reverse proxy for exchange 2000
am 19.11.2002 20:02:01 von robin.blanchardapache1 will secure reverse proxy to e2k given:
1) mod_proxy_add_forward with source modification
2) IIS is configured to *not* use "integrated windows auth"
this breaks Exchange Management mmc among other things -- not good
apache2 will secure reverse proxy to e2k using a vhost similar to the
following. this does *not* require mod_proxy_add_forward, source
hacking, or fiddling with IIS/Exchange settings. this, i believe, *is*
the solution. this hopefully will prove useful to the community at large.
Listen 10.10.10.99:443
ServerName webmail.gactr.uga.edu
UseCanonicalName On
CustomLog /path/to/log combined
ErrorLog /path/to/log
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /path/to/crt
SSLCertificateKeyFile /path/to/key
RequestHeader set front-end-https on
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteRule .* /exchange/ [R,L]
RewriteCond %{REQUEST_URI} !^/exchange [OR]
RewriteCond %{REQUEST_URI} !^/public [OR]
RewriteCond %{REQUEST_URI} !^/exchweb
RewriteRule .* - [F,L]
ProxyRequests Off
ProxyVia Full
ProxyPass /exchange/ http://webmail.gactr.uga.edu/exchange/
ProxyPassReverse /exchange/ http://webmail.gactr.uga.edu/exchange/
ProxyPass /public/ http://webmail.gactr.uga.edu/public/
ProxyPassReverse /public/ http://webmail.gactr.uga.edu/public/
ProxyPass /exchweb/ http://webmail.gactr.uga.edu/exchweb/
ProxyPassReverse /exchweb/ http://webmail.gactr.uga.edu/exchweb/
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------