We are using Apache server as reverse proxy solution for user access from
the internet to internal web

sites within the internal lan. We want to set access to OWA 2003 from the
internet while the OWA server
is located in the internal LAN.

User in the internet -> https://owa.domain.com/ ->
http://owainternal.internaldomain.com/exchange/

On the apache's httpd.conf I have the folowing configuration:

<VirtualHost *:443>

ServerName owa.domain.com

ProxyPass / http://owainternal.internaldomain.com/exchange/

ProxyPassReverse / http://owainternal.internaldomain.com/exchange/

</VirtualHost>

In the 1st page I'm getting contains the following tag:

<BASE href="http://owainternal.internaldomain.com/exchange/Username/">

Meaning that all relative links on the page will be changed to point to the
internal server

which is not accessible from the internet. Setting up the same name for both
external and
internal servers doesn't solve the problem because the BASE href points to
http and not https.

Is there a way to search and replace pages going back to the user (like
mod_rewrite in the
opposite Direction) ? Or other solution ?

10x

Best Regards,
Haim Marko, ITI Comverse

No, your configuration is incorrect!!!

Please read my stupid paper at =
http://www.connectionreset.it/homepage/documenti/Apache2-OWA .txt


Lombardo Federico, Network Administrator & IT Security Manager
Tel. +396.47841.362
Grandi Stazioni S.p.A.
Via G. Giolitti 34
00189 Roma
Italy

-----Original Message-----
From: Haim Marko [mailto:marcos75 [at] yahoo.com]
Sent: luned=EC 1 dicembre 2003 10.43
To: modproxy-dev [at] apache.org
Subject: Outlook Web Access behind Reverse proxy

We are using Apache server as reverse proxy solution for user access =
from
the internet to internal web

sites within the internal lan. We want to set access to OWA 2003 from =
the
internet while the OWA server
is located in the internal LAN.

User in the internet -> https://owa.domain.com/ ->
http://owainternal.internaldomain.com/exchange/

On the apache's httpd.conf I have the folowing configuration:

<VirtualHost *:443>

ServerName owa.domain.com

ProxyPass / http://owainternal.internaldomain.com/exchange/

ProxyPassReverse / http://owainternal.internaldomain.com/exchange/

</VirtualHost>

In the 1st page I'm getting contains the following tag:

<BASE href=3D"http://owainternal.internaldomain.com/exchange/Username/">

Meaning that all relative links on the page will be changed to point to =
the
internal server

which is not accessible from the internet. Setting up the same name for =
both
external and
internal servers doesn't solve the problem because the BASE href points =
to
http and not https.

Is there a way to search and replace pages going back to the user (like
mod_rewrite in the
opposite Direction) ? Or other solution ?

10x

Best Regards,
Haim Marko, ITI Comverse

I don't use owa, but I have similar configration for https.
in my case we use internal dns and external dns, so I can
use the same hostname in internal and external dns but for different
ip address. in internal dns, the hostname point to the real webserver
and in external dns it points to reverse proxy (revproxy use internal
dns).
so for owa connection , my configuration would look like:
User in the internet -> https://owa.mydomain.com/ ->
https://owa.mydomain.com/

<VirtualHost *:443>
ServerName owa.mydomain.com
SSLProxyEngine on
ProxyPass / https://owa.mydomain.com/
ProxyPassReverse / https://owa.mydomain.com/
</VirtualHost>

<VirtualHost *:80>
ServerName owa.mydomain.com
RewriteRule ^/(.*) https://owa.mydomain.com/$1
</VirtualHost>

the virtual host on port 80 is needed to redirect any http connection
to https in case the real webserver sent a url with http like
in your case with <BASE href="http://...">.

cahya.

On Mon, Dec 01, 2003 at 11:43:03AM +0200, Haim Marko wrote:
> User in the internet -> https://owa.domain.com/ ->
> http://owainternal.internaldomain.com/exchange/
>
> On the apache's httpd.conf I have the folowing configuration:
>
> <VirtualHost *:443>
>
> ServerName owa.domain.com
>
> ProxyPass / http://owainternal.internaldomain.com/exchange/
>
> ProxyPassReverse / http://owainternal.internaldomain.com/exchange/
>
> </VirtualHost>
>
> In the 1st page I'm getting contains the following tag:
>
> <BASE href="http://owainternal.internaldomain.com/exchange/Username/">
>
> Meaning that all relative links on the page will be changed to point to the
> internal server
>
> which is not accessible from the internet. Setting up the same name for both
> external and
> internal servers doesn't solve the problem because the BASE href points to
> http and not https.
>
> Is there a way to search and replace pages going back to the user (like
> mod_rewrite in the
> opposite Direction) ? Or other solution ?
>
> 10x
>
> Best Regards,
> Haim Marko, ITI Comverse
>
>
>
>

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3B80E.CE596988
Content-Type: text/plain

I can't implement https->https proxing because I ame using apache server
version 1.
I can't upgrade it now since it is part of Checkpoint's Product called User
Authority Web Access Proxy
That gives me SSO (Single Sign ON) and AAA features.


"Lombardo, Federico" <FLombardo [at] grandistazioni.it> wrote in message
news:<DF71F1B1D60BD5118D2C0004AC538C651156F9 [at] db_srv.gstazioni.it>...
No, your configuration is incorrect!!!

Please read my stupid paper at
http://www.connectionreset.it/homepage/documenti/Apache2-OWA .txt


Lombardo Federico, Network Administrator & IT Security Manager
Tel. +396.47841.362
Grandi Stazioni S.p.A.
Via G. Giolitti 34
00189 Roma
Italy

-----Original Message-----
From: Haim Marko [mailto:marcos75 [at] yahoo.com]
Sent: luned? 1 dicembre 2003 10.43
To: modproxy-dev [at] apache.org
Subject: Outlook Web Access behind Reverse proxy

We are using Apache server as reverse proxy solution for user access from
the internet to internal web

sites within the internal lan. We want to set access to OWA 2003 from the
internet while the OWA server is located in the internal LAN.

User in the internet -> https://owa.domain.com/ ->
http://owainternal.internaldomain.com/exchange/

On the apache's httpd.conf I have the folowing configuration:

<VirtualHost *:443>

ServerName owa.domain.com

ProxyPass / http://owainternal.internaldomain.com/exchange/

ProxyPassReverse / http://owainternal.internaldomain.com/exchange/

</VirtualHost>

In the 1st page I'm getting contains the following tag:

<BASE href="http://owainternal.internaldomain.com/exchange/Username/">

Meaning that all relative links on the page will be changed to point to the
internal server

which is not accessible from the internet. Setting up the same name for both
external and internal servers doesn't solve the problem because the BASE
href points to http and not https.

Is there a way to search and replace pages going back to the user (like
mod_rewrite in the opposite Direction) ? Or other solution ?

10x

Best Regards,
Haim Marko, ITI Comverse







----------

------_=_NextPart_001_01C3B80E.CE596988
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2655.35">
<TITLE>Re: Outlook Web Access behind Reverse proxy</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>I can't implement https->https proxing because I =
ame using apache server version 1.</FONT>
<BR><FONT SIZE=3D2>I can't upgrade it now since it is part of =
Checkpoint's Product called User Authority Web Access Proxy </FONT>
<BR><FONT SIZE=3D2>That gives me SSO (Single Sign ON) and AAA features. =
</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>"Lombardo, Federico" =
<FLombardo [at] grandistazioni.it> wrote in message =
news:<DF71F1B1D60BD5118D2C0004AC538C651156F9 [at] db_srv.gstazioni.it >.=
...</FONT></P>

<P><FONT SIZE=3D2>No, your configuration is incorrect!!!</FONT>
</P>

<P><FONT SIZE=3D2>Please read my stupid paper at <A =
HREF=3D"http://www.connectionreset.it/homepage/documenti/Apa che2-OWA.txt=
" =
TARGET=3D"_blank">http://www.connectionreset.it/homepage/doc umenti/Apach=
e2-OWA.txt</A></FONT>
</P>
<BR>

<P><FONT SIZE=3D2>Lombardo Federico, Network Administrator & IT =
Security Manager </FONT>
<BR><FONT SIZE=3D2>Tel. +396.47841.362  </FONT>
<BR><FONT SIZE=3D2>Grandi Stazioni S.p.A. </FONT>
<BR><FONT SIZE=3D2>Via G. Giolitti 34 </FONT>
<BR><FONT SIZE=3D2>00189 Roma </FONT>
<BR><FONT SIZE=3D2>Italy </FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Haim Marko [<A =
HREF=3D"mailto:marcos75 [at] yahoo.com">mailto:marcos75 [at] yahoo.com</A>] =
</FONT>
<BR><FONT SIZE=3D2>Sent: luned? 1 dicembre 2003 10.43</FONT>
<BR><FONT SIZE=3D2>To: modproxy-dev [at] apache.org</FONT>
<BR><FONT SIZE=3D2>Subject: Outlook Web Access behind Reverse =
proxy</FONT>
</P>

<P><FONT SIZE=3D2>We are using Apache server as reverse proxy solution =
for user access from the internet to internal web</FONT>
</P>

<P><FONT SIZE=3D2>sites within the internal lan. We want to set access =
to OWA 2003 from the internet while the OWA server is located in the =
internal LAN.</FONT></P>

<P><FONT SIZE=3D2>User in the internet -> <A =
HREF=3D"https://owa.domain.com/" =
TARGET=3D"_blank">https://owa.domain.com/</A> -> <A =
HREF=3D"http://owainternal.internaldomain.com/exchange/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/</A></F=
ONT>
</P>

<P><FONT SIZE=3D2>On the apache's httpd.conf I have the folowing =
configuration:</FONT>
</P>

<P><FONT SIZE=3D2><VirtualHost *:443></FONT>
</P>

<P><FONT SIZE=3D2>ServerName owa.domain.com</FONT>
</P>

<P><FONT SIZE=3D2>ProxyPass / <A =
HREF=3D"http://owainternal.internaldomain.com/exchange/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/</A></F=
ONT>
</P>

<P><FONT SIZE=3D2>ProxyPassReverse / <A =
HREF=3D"http://owainternal.internaldomain.com/exchange/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/</A></F=
ONT>
</P>

<P><FONT SIZE=3D2></VirtualHost></FONT>
</P>

<P><FONT SIZE=3D2>In the 1st page I'm getting contains the following =
tag:</FONT>
</P>

<P><FONT SIZE=3D2><BASE href=3D"<A =
HREF=3D"http://owainternal.internaldomain.com/exchange/Usern ame/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/Usernam=
e/</A>"></FONT>
</P>

<P><FONT SIZE=3D2>Meaning that all relative links on the page will be =
changed to point to the internal server</FONT>
</P>

<P><FONT SIZE=3D2>which is not accessible from the internet. Setting up =
the same name for both external and internal servers doesn't solve the =
problem because the BASE href points to http and not https.</FONT></P>

<P><FONT SIZE=3D2>Is there a way to search and replace pages going back =
to the user (like mod_rewrite in the opposite Direction) ? Or other =
solution ?</FONT></P>

<P><FONT SIZE=3D2>10x</FONT>
</P>

<P><FONT SIZE=3D2>Best Regards,</FONT>
<BR><FONT SIZE=3D2>Haim Marko, ITI Comverse</FONT>
</P>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>

<P><FONT SIZE=3D2>----------</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C3B80E.CE596988--

Marko Haim wrote:

> I can't implement https->https proxing because I ame using apache server
> version 1.
> I can't upgrade it now since it is part of Checkpoint's Product called
> User Authority Web Access Proxy
> That gives me SSO (Single Sign ON) and AAA features.

> In the 1st page I'm getting contains the following tag:
>
> <BASE href="http://owainternal.internaldomain.com/exchange/Username/">

Your best bet is to find out in the MS Exchange docs how to change this
tag so that either the base tag is removed, or the base tag refers to
the "internet" version of the URL.

Another bit of advice - keep it simple - make sure that the inside and
outside networks _both_ go through the reverse proxy - this saves you a
tonne of headaches and ugly configuration. It also means your laptop
people who are sometime inside, and sometimes outside, do not have to
jump through any hoops to reach the website.

Regards,
Graham
--

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3B8A5.4DD484D6
Content-Type: text/plain


Does ne1 succeeded doing OWA https->http proxing with apache 1.x ?


"Graham Leggett" <minfrin [at] sharp.fm> wrote in message
news:<3FCB62AC.5040204 [at] sharp.fm>...
> Marko Haim wrote:
>
> > I can't implement https->https proxing because I ame using apache
> > server
> > version 1.
> > I can't upgrade it now since it is part of Checkpoint's Product called
> > User Authority Web Access Proxy
> > That gives me SSO (Single Sign ON) and AAA features.
>
> > In the 1st page I'm getting contains the following tag:
> >
> > <BASE
> > href="http://owainternal.internaldomain.com/exchange/Usernam e/">
>
> Your best bet is to find out in the MS Exchange docs how to change
> this
> tag so that either the base tag is removed, or the base tag refers to
> the "internet" version of the URL.
>
> Another bit of advice - keep it simple - make sure that the inside and
> outside networks _both_ go through the reverse proxy - this saves you a
> tonne of headaches and ugly configuration. It also means your laptop
> people who are sometime inside, and sometimes outside, do not have to
> jump through any hoops to reach the website.
>
> Regards,
> Graham
> --
>
>

------_=_NextPart_001_01C3B8A5.4DD484D6
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2655.35">
<TITLE>Re: Outlook Web Access behind Reverse proxy</TITLE>
</HEAD>
<BODY>
<BR>

<P><FONT SIZE=3D2>Does ne1 succeeded doing OWA https->http proxing =
with apache 1.x ? </FONT>
</P>
<BR>

<P><FONT SIZE=3D2>"Graham Leggett" <minfrin [at] sharp.fm> =
wrote in message news:<3FCB62AC.5040204 [at] sharp.fm>...</FONT>
<BR><FONT SIZE=3D2>> Marko Haim wrote:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > I can't implement https->https proxing =
because I ame using apache </FONT>
<BR><FONT SIZE=3D2>> > server</FONT>
<BR><FONT SIZE=3D2>> > version 1.</FONT>
<BR><FONT SIZE=3D2>> > I can't upgrade it now since it is part of =
Checkpoint's Product called </FONT>
<BR><FONT SIZE=3D2>> > User Authority Web Access Proxy</FONT>
<BR><FONT SIZE=3D2>> > That gives me SSO (Single Sign ON) and AAA =
features.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > In the 1st page I'm getting contains the =
following tag:</FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > <BASE </FONT>
<BR><FONT SIZE=3D2>> > href=3D"<A =
HREF=3D"http://owainternal.internaldomain.com/exchange/Usern ame/" =
TARGET=3D"_blank">http://owainternal.internaldomain.com/exch ange/Usernam=
e/</A>"></FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Your best bet is to find out in the MS Exchange =
docs how to change </FONT>
<BR><FONT SIZE=3D2>> this</FONT>
<BR><FONT SIZE=3D2>> tag so that either the base tag is removed, or =
the base tag refers to </FONT>
<BR><FONT SIZE=3D2>> the "internet" version of the =
URL.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Another bit of advice - keep it simple - make =
sure that the inside and</FONT>
<BR><FONT SIZE=3D2>> outside networks _both_ go through the reverse =
proxy - this saves you a </FONT>
<BR><FONT SIZE=3D2>> tonne of headaches and ugly configuration. It =
also means your laptop </FONT>
<BR><FONT SIZE=3D2>> people who are sometime inside, and sometimes =
outside, do not have to </FONT>
<BR><FONT SIZE=3D2>> jump through any hoops to reach the =
website.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Regards,</FONT>
<BR><FONT SIZE=3D2>> Graham</FONT>
<BR><FONT SIZE=3D2>> --</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C3B8A5.4DD484D6--