hello,

as we find out squid cannot handle reverse proxy with authentification,
so we taken apache, because htacces for apache works fine.
well... a mistake?


settings:

apache-2.0.47 was compiled with:
--prefix=/usr/local/apache2 --enable-modules=all --enable-ssl \
--with-ssl=/usr/lib/ssl --enable-proxy --enable-proxy-connect \
--enable-proxy-http --enable-rewrite --enable-so

it works as a reverse proxy (for the moment http only)
for OWA on exchange2000. we must forward following dirs:

"/exchange"
"/exchweb"
"/public"

"/" has .htaccess and .htpasswd as well as an index.html with:
"<meta http-equiv="refresh" content="0; URL=/exchange">"

access for "/" redirect after verification to "/exchange",
but when anybody acces direct the redirected directories,
(http://server.org/exchange) there are not any verification.
he get promptly the exchangeserver (terrible because all of the iis-worms)

all of our attempts fail. either proxy ignored the .htaccess
and pass the proxy without verification, or it fails "no such directory"

have you any hints, if and how it is possible, to use htacces-verification
before directories redirection to exchange?

my httpd.conf


[...]
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
[...]

a) test1

<Location "/exchange">
ProxyPass http://server.org/exchange
ProxyPassReverse http://server.org/exchange
</Location>

<Location "/exchweb">
ProxyPass http://server.org/exchweb
ProxyPassReverse http://server.org/exchweb
</Location>

<Location "/public">
ProxyPass http://server.org/public
ProxyPassReverse http://server.org/public
</Location>

redirection works properly, but: "AllowOverride not allowed here" :(

b) test2

<Directory "/exchange">
AllowOverride AuthConfig
ProxyPass http://server.org/exchange
ProxyPassReverse http://server.org/exchange
</Directory>

<Directory "/exchweb">
AllowOverride AuthConfig
ProxyPass http://server.org/exchweb
ProxyPassReverse http://server.org/exchweb
</Directory>

<Directory "/public">
AllowOverride AuthConfig
ProxyPass http://server.org/public
ProxyPassReverse http://server.org/public
</Directory>

this fails too: "File does not exist: /usr/local/apache2/htdocs/exchange"

c) when we create these dirs (exchange,exchweb and public) and we got
verification for direct request, but after login, we got:

""GET /exchange// HTTP/1.1" 302 164"

=> why these "//" ???


Is anything wrong here? We have not any ideea more,
how to protect redirected dirs from direct access?

May you help us?
Many thanks in advance :)
Tobias


--
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

coUnt3r [at] gmx.net wrote:

> as we find out squid cannot handle reverse proxy with authentification,
> so we taken apache, because htacces for apache works fine.
> well... a mistake?

Using .htaccess for this definitely won't work, they only make sense for
directories locally on the Apache server. You need to place the
authorisation config directives inside the <Location> tags in the main
Apache config file, not inside .htaccess files, then your authorisation
will work fine.

If you're going to make this publically available on the net, you're
also encouraged to make sure that Apache is set up to use SSL. This will
ensure that passwords do not travel over the net in the clear. Details
in the docs.

> <Location "/exchange">
> ProxyPass http://server.org/exchange
> ProxyPassReverse http://server.org/exchange
[Put the contents of .htaccess here
> </Location>

Regards,
Graham
--

Hello Graham, hello Robin, hello maillist,


Graham Leggett <minfrin [at] sharp.fm> wrote:

> ><Location "/exchange">
> >ProxyPass http://server.org/exchange
> >ProxyPassReverse http://server.org/exchange
> [Put the contents of .htaccess here
> ></Location>

[at] Graham: Great! It works wonderful! :)

Many thanks!
Tobias

[at] Robin: maybe a solution for you too?


>
> Regards,
> Graham
> --