Comments on: Protecting OWA with Apache

By: djitz.com » Blog Archive » Setup Reverse Proxy with Apache for Lotus Notes Webmail

Thu, 18 Jan 2007 23:52:34 +0000

[...] - Running a Reverse Proxy with Apache - Apache Reverse Proxy - Waikato Linux Users Group - Protecting OWA with Apache - Other posts that I forgot their link address [...]

By: slowe

slowe — Mon, 21 Aug 2006 01:47:23 +0000

Vladimir,

Glad you finally got it to work. Thanks for getting back and letting us know!

By: Vladimir Jirasek

Vladimir Jirasek — Sun, 20 Aug 2006 22:22:03 +0000

Hi,
I have got it working. All it needed was:
Allof from all
in Localtion section

Cheers

Vladimir

By: Vladimir Jirasek

Vladimir Jirasek — Sun, 20 Aug 2006 11:50:45 +0000

Hi,
the hostname lawin-srv01 is reasolvable and actually when I do lynx http://lawin-srv01/Exchange and authenticate using basic authentication I can access my inbox. Actually I changed the config to proxy to IP address specifically - nothing. DNS resolves the correct IP address of the internal server.

Also the access with certificate works fine for files on the local system (proxy server itself). The fact is the proxy server does not even send any packets towards internal OWA server. Simply denies the request! Even when I direct it to proxy to enother Linux based server on the same LAN it does not work….
Thanks for help…
Vladimir

By: slowe

slowe — Sat, 19 Aug 2006 05:02:40 +0000

Generally, the ProxyPass and ProxyPassReverse directives will have the externally accessible DNS name listed. It looks like you are using your inernal name there…is that accurate? If so, be sure to specify the externally accessible name, and make sure that name can be properly resolved from the proxy system itself as well.

Hope this helps!

By: Vladimir Jirasek

Vladimir Jirasek — Fri, 18 Aug 2006 21:39:42 +0000

Hello,
I have been trying to protect OWA with Apache2 reverse proxy but I am receiving the error message: client denied by server configuration: proxy:http://xxxxxxxxx/Exchange/.

Even when I changed the confirguration slightly according to your blog it did not work. I have basic authentication enable on OWA server and from within the internal network the OWA works fine. I simply supply my credentials and log in.

The only difference in the config is that I use client certificates to authenticate to reverse proxy:

ProxyPass http://lawin-srv01/Exchange/
ProxyPassReverse http://lawin-srv01/Exchange/
SetEnv force-proxy-request-1.0 1
SetEnvIf User-Agent “.*MSIE.*” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SetEnv proxy-nokeepalive 1
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +OptRenegotiate
# +StdEnvVars +ExportCertData
SSLRequire %{SSL_CLIENT_S_DN_O} eq “company name”
#Require 128 and more bits
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

But even when I remove lines !SSLRequire %{SSL_CLIENT_S_DN_O} eq “company name”! it does not work.

Will continue looking for the solution.
Vladimir