OWA Apache Proxy


wcuz

MIS
Mar 22, 2002
54
US
I can't seem to get OWA to load completely using Apache proxy, IIS, Exchange 2003, and Wins2k3.

I type
I get a login screen and enter my username and password.
OWA loads but only displays the outer frames (preview panes) of the application. OWA works correctly from the LAN connecting directly to the Exchange server: //servername/exchange/ but I can't get it to work from the outside.

Any ideas??

Thanks
 
This isn't really an Exchange question, it's an Apache question. You'd likely be better served in that forum...
 
That's exactly an Exchange question.
There are basically three approaches for providing a secure OWA access to the internet – using ISA, Apache or Squid proxy.
I believe that such a discussion would be interesting to the visitors of the Exchange forum.
How did you configure your Apache proxy Wcuz?


Dean
 
Thanks for the reply netometer. I've also posted this in the Apache forum but haven't received a response.

Basic setup:

Linux 8.0, Apache 2.0.40, openssl

I've created my own certs. and setup the Linux box in my DMZ. SSL seems to be working fine.

Exchange 2003, OWA, Wins2k3

Exchange is running on the trusted LAN and being proxied by the apache server.

SSL.conf (Proxy Portion)

<VirtualHost ip-address-of apache server:443>

DocumentRoot "/var/ServerName FQDN of apache server:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

RequestHeader set Front-End-Https "On"

ProxyRequests Off
ProxyPreserveHost On
ProxyVia On

ProxyPass / OWA server/exchange
ProxyPassReverse / OWA server/exchange
ProxyPass / OWA server/exchweb
ProxyPassReverse / OWA server/exchweb
ProxyPass / OWA server/public
ProxyPassReverse / OWA server/public
ProxyPass / OWA server/iisadmpwd
ProxyPassReverse / OWA server/iisadmpwd

Using the above configuration, I type and establish a secure connection via the apache server.

I get a login screen and enter my username and password.
OWA loads but only displays the outer frames (preview panes) of the application. Where the graphics and messages should be I get the "http 404 file or directory not found" message. OWA works correctly from the LAN connecting directly to the Exchange server: //servername/exchange/ but I can't get it to work from the outside/going through the proxy. When I right click and select properties on the page displaying the 404 error it says it's looking for /exchange/postmaster/Inbox/?Cmd=contents
 
Hi!
I would like to start by pointing to the best step-by-step tutorial I have found about configuring OWA 2k/2k3 proxy using Apache:

Here are the general steps which you need to go through:
1. Lock down the traffic to and from Apache – only incoming traffic on port 443 and outgoing on 80 (the Apache talks to the Exchange server on port 80). You can achieve that either configuring the corresponding ACL (Access Control Lists) for the DMZ on your firewall or configuring iptables on the Apache server.
2. Configure Apache to use mod_proxy modules.
3. Add the “RequestHeader”, “ProxyPass” and “ProxyPassReverse” directives (you have done this – the only thing that I don’t see is the “CacheDisable *” command).
4. Modify the “/etc/hosts” file – add an entry for ip-address-of OWA server/exchange.
5. Fix the problem with the “%” symbol in the message subject line using “mod_rewrite”.


In addition you can check the end of the article for configuring Outlook RPC over HTTP with Apache.

I hope you find this post helpful.



Dean
 
I see a problem in your proxypass statements--it looks like you're only passing the root level. Shouldn't it instead be:

Code:
ProxyPass /exchange http://ip-address-of OWA server/exchange
ProxyPassReverse /exchange http://ip-address-of OWA server/exchange

etc

Also, I'd personally use https instead of http.
 
That's exactly an Exchange question.

While he's trying to provide Exchange services, his problem is certainly not with Exchange (it works without the proxy) but with Apache. I wasn't suggesting his post didn't belong here, but rather that a bunch of Exchange guys probably had less to contribute to his problem than a bunch of Apache guys. While it's certainly interesting for the peanut gallery, my primary motivation in his position would be solving my problem, and not simply to provide education for others (that comes later, once you have solved the problem...)

FWIW, I agree with you otherwise: proxying Exchange is a must.
 
Thanks for the replies.....

netometer:

I started with the article you referenced. I agree it's a good step-by-step procedure, I just haven't been able to get it to work in my situation.

jkupski:

I've tried my configuration with and without the preceding directory definitions.

Without any preceding definitions I get the blank frames and 404 error.

With only the /exchange definition I get the error "Directory Listing Denied, This virtual directory does not allow contents to be listed".

With both the /exchange and /exchweb definitions I get a 404 Object Not Found error from Apache

In IIS, the /exchange virtual directory has all access permissions selected. The /exchweb virtual directory has read, log visits, and index this resource selected.

Thanks again for any help you can provide.
 
I've also posted this question in the apache forum but haven't received any responses yet......
 
First, what version of Apache are you running?
I have just tried the following configuration on RHEL 4 and the Apache/2.0.52 and it works:
Code:
#Make sure the following modules are loaded
LoadModule proxy_module <path to modules dir>/mod_proxy.so
LoadModule proxy_http_module <path to modules dir>/mod_proxy_http.so
LoadModule proxy_connect_module <path to modules dir>/mod_proxy_connect.so
#RequestHeader needs mod_headers; the Rewrite* directives need mod_rewrite
LoadModule headers_module <path to modules dir>/mod_headers.so
LoadModule rewrite_module <path to modules dir>/mod_rewrite.so

#Required by mod_proxy for the https:// back-end URLs below (mod_ssl)
SSLProxyEngine On

RequestHeader set Front-End-Https "On"
ProxyRequests Off
ProxyPreserveHost On

#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]

#OWA
ProxyPass /exchange https://exchangeserver.example.com/exchange
ProxyPassReverse /exchange https://exchangeserver.example.com/exchange
ProxyPass /Exchange https://exchangeserver.example.com/exchange
ProxyPassReverse /Exchange https://exchangeserver.example.com/exchange
ProxyPass /exchweb https://exchangeserver.example.com/exchweb
ProxyPassReverse /exchweb https://exchangeserver.example.com/exchweb
ProxyPass /public https://exchangeserver.example.com/public
ProxyPassReverse /public https://exchangeserver.example.com/public
ProxyPass /iisadmpwd https://exchangeserver.example.com/iisadmpwd
ProxyPassReverse /iisadmpwd https://exchangeserver.example.com/iisadmpwd

#OMA
ProxyPass /oma https://exchangeserver.example.com/oma
ProxyPassReverse /oma https://exchangeserver.example.com/oma

#ActiveSync (for WM5+ devices)
ProxyPass /Microsoft-Exchange-ActiveSync https://exchangeserver.example.com/Microsoft-Exchange-ActiveSync
ProxyPassReverse /Microsoft-Exchange-ActiveSync https://exchangeserver.example.com/Microsoft-Exchange-ActiveSync

The RewriteEngine does not replace the “%” character as expected so if you have an e-mail with “%” in the subject the Apache will not be able to display it. You get a screen with the message “Your browser sent a request that this server could not understand.” You have to try the script suggested in the 3cx.org article.
I was able to configure and run FBA (Forms Based Authentication) on the Exchange server. By default FBA requires the use of SSL so I had to add the following registry entry in Exchange 2003 server:
Under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA” (if the key OWA does not exist you have to create it)
Create a DWORD value named “AllowRetailHTTPAuth” and give it a value of 1.



Dean
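
Added example (not code from any poster in this thread): a simplified Python model of how ProxyPass maps request paths, showing why the root-only rules posted earlier leave the inner OWA frames on a 404 while the per-path rules resolve them. The back-end host name and both rule lists are constructed, and the matching logic is an assumed approximation of mod_proxy (first match in configuration order, remainder appended as a plain string), not its source.

```python
# Simplified model of mod_proxy prefix mapping. Assumptions: rules are tried in
# configuration order, the first match wins, and the rest of the request path
# is appended to the target as a plain string. Host and rules are constructed.
BACKEND = "http://owa.internal.example"  # hypothetical Exchange front end

ROOT_ONLY = [  # every rule reuses the local path "/"
    ("/", BACKEND + "/exchange"),
    ("/", BACKEND + "/exchweb"),
    ("/", BACKEND + "/public"),
]
PER_PATH = [  # one local prefix per IIS virtual directory
    ("/exchange", BACKEND + "/exchange"),
    ("/Exchange", BACKEND + "/exchange"),
    ("/exchweb", BACKEND + "/exchweb"),
    ("/public", BACKEND + "/public"),
]


def prefix_matches(prefix, path):
    """Case-sensitive match that must end on a path-segment boundary."""
    if not path.startswith(prefix):
        return False
    rest = path[len(prefix):]
    return prefix.endswith("/") or rest == "" or rest.startswith("/")


def map_request(rules, path):
    """Return the backend URL for path, or None if no rule proxies it."""
    for prefix, target in rules:
        if prefix_matches(prefix, path):
            return target + path[len(prefix):]
    return None


def shadowed_rules(rules):
    """Rules that can never fire because an earlier rule has the same prefix."""
    seen, dead = set(), []
    for prefix, target in rules:
        if prefix in seen:
            dead.append((prefix, target))
        seen.add(prefix)
    return dead


if __name__ == "__main__":
    for uri in ("/", "/exchange/postmaster/Inbox/?Cmd=contents"):
        print(uri, "->", map_request(ROOT_ONLY, uri), "|", map_request(PER_PATH, uri))
    print("never used:", shadowed_rules(ROOT_ONLY))
```

A `None` result for `/` under the per-path rules means Apache answers that request itself instead of proxying it, so the user has to request `/exchange` explicitly.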
 
I'm also running RHEL4 and apache/2.0.52 and my config looks identical to netometer's (minus the OMA and activesync, which we don't use, and the % rewrite rule, which caused problems for me--FWIW, the % bug is fixed in 2.0.55 which you will, unfortunately, never see in RHEL4.) I'm also using FBA.

Oddball thought: is your OWA machine also a DC? I've seen no end of problems running OWA on a DC.
 
Well..... I'm running RedHat 8.0 and Apache 2.0.40. OWA is running on a dedicated exchange machine and not a DC. I've tried the exact configuration you presented and couldn't get it to go no matter what I tried. Considering the config worked for both of you on Apache 2.0.52, I think I'll upgrade and give it another try. I'll post back with results....

Thanks again for the input.
 
netometer,

Did you build that yourself, or is there a supported RPM for RHEL4 that I haven't noticed?
 
Okay..... this just keeps getting better. I've got apache/openssl working again so when I access my secure site via https:// I get prompted for a certificate. This is where it gets interesting. If I include the preceding /exchange in the ProxyPass directive I don't get prompted to login after accepting the cert. but only get the default apache page.

ProxyPass /exchange // owa server/exchange

If I remove the preceding /exchange I get prompted to login but after entering my credentials I get a http 404 file or directory not found error from IIS. If I leave that page open and remove the preceding /exchange then restart apache and refresh my browser, OWA comes up correctly.

What do you think???
 
Well..... If I add an additional ProxyPass directive without /exchange

ProxyPass / OWA server

and leave all other directives as they're listed above it works but I have to include the /exchange at the end of the address line in my browser. instead of
That's progress.... now I just need to figure out how to do it without the /exchange at the end of my https://
 