Reverse proxy to access owa problem

         

sinkingfeeling

5:57 pm on Feb 14, 2009 (gmt 0)

10+ Year Member



I have managed to set up a reverse proxy to enable users to access their company email from the net. I thought I was doing so well until I tried to use it today and, without supplying any username/password, I was presented with someone else's mailbox.
The code I used was:

ProxyRequests off
ProxyPreserveHost on

#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]

#OWA
ProxyPass /exchange hxxp://email/exchange
ProxyPassReverse /exchange hxxp://email/exchange
ProxyPass /Exchange hxxp://email/exchange
ProxyPassReverse /Exchange hxxp://email/exchange
ProxyPass /exchweb hxxp://email/exchweb
ProxyPassReverse /exchweb hxxp://email/exchweb
ProxyPass /public hxxp://email/public
ProxyPassReverse /public hxxp://email/public
ProxyPass /iisadmpwd hxxp://email/iisadmpwd
ProxyPassReverse /iisadmpwd hxxp://email/iisadmpwd

Please help. I am very new to Apache and have no idea if I have missed something obvious.

jdMorgan

6:16 pm on Feb 14, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You don't really need the RewriteCond. Just fully-qualify the Req_URI in the rule itself:

RewriteRule (/exchange/.*\%.*)$ ${percentsubject:$1} [P]

Note that I copied the function of what you had originally; the pattern should actually be start-anchored if that is possible.

However, I doubt that optimizing your rule will have any effect on the problem. I suspect that the trouble is caused by some factor in the webmail server's authentication -- Perhaps it assumes that any intranet access is already authenticated, and since these requests will appear to be coming from your front-end server inside your network instead of from a remote client, it may just let them in.

However, you should flush your browser cache and then test again. Repeat this several times. Do you get a different user's account each time, or always the same one? You might get some strong debugging clues from the answer to this question.

Jim
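
The repeat test suggested in the reply above, written as a script (an added example, not part of the original thread): each request uses a fresh connection with no cookies and no Authorization header, so any 2xx response under /exchange reproduces the reported failure. The function names and the command-line host argument are hypothetical, the sample observations are constructed, and using body size to tell mailboxes apart is a rough assumption.

```python
"""Credential-free probe of a reverse-proxied path (added example)."""
import http.client
import sys
from collections import Counter

def classify(status, headers):
    """Label one response; headers is a dict with lower-case keys."""
    if status == 401 and "www-authenticate" in headers:
        return "challenged"            # expected: the backend asks for credentials
    if 300 <= status < 400:
        return "redirected"            # e.g. to a login form; inspect by hand
    if 200 <= status < 300:
        return "SERVED_WITHOUT_AUTH"   # the symptom reported in this thread
    return "other"

def probe_once(host, path="/exchange/", port=80, timeout=10):
    """One GET on a new TCP connection, sending no cookies or credentials."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Connection": "close"})
        resp = conn.getresponse()
        body = resp.read()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return resp.status, headers, len(body)
    finally:
        conn.close()

def summarise(observations):
    """observations: list of (status, headers, body_length) tuples."""
    labels = Counter(classify(s, h) for s, h, _ in observations)
    # Differing sizes hint at different mailboxes; identical sizes at one.
    sizes = sorted({n for s, h, n in observations
                    if classify(s, h) == "SERVED_WITHOUT_AUTH"})
    return {"labels": dict(labels),
            "pass": labels["SERVED_WITHOUT_AUTH"] == 0,
            "distinct_served_sizes": sizes}

# Constructed observations, used when no host is given on the command line.
SAMPLE = [
    (401, {"www-authenticate": 'Basic realm="email"'}, 1656),
    (200, {"content-type": "text/html"}, 18211),
    (200, {"content-type": "text/html"}, 20984),
    (401, {"www-authenticate": 'Basic realm="email"'}, 1656),
]

if __name__ == "__main__":
    obs = ([probe_once(sys.argv[1]) for _ in range(10)]
           if len(sys.argv) > 1 else SAMPLE)
    print(summarise(obs))
```

Running it once through the proxy and once against the direct port mapping, with the ProxyPass pairs reduced to a single one, gives comparable results for each configuration.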

sinkingfeeling

6:24 pm on Feb 14, 2009 (gmt 0)

10+ Year Member



Many thanks Jim.
I have been presented with different users' mailboxes at different attempts. If I try to look at my own mailbox it does ask for my username and pass and then continues to my mail. Could it be something to do with the last user to access their mail?

jdMorgan

6:53 pm on Feb 14, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That's a good theory, but I don't know anything about your e-mail server, so I can't comment usefully.

I'd suggest searching for the name of your e-mail server, plus "proxy", and see if that turns up anything useful. Also try the support forum for that software.

In a setup like this, Apache is simply acting as an HTTP "pipe", so I have no idea how proxying the webmail requests might affect the e-mail program.

Another very-general tip: Try commenting-out all of the proxied request-path directive pairs but one, reducing your config to one ProxyPass and one ProxyPassReverse directive for the path of your choice. Debugging and testing may be a bit easier if you've got a reduced number of test-cases to work with.

Jim

sinkingfeeling

7:42 pm on Feb 14, 2009 (gmt 0)

10+ Year Member



How does the http pipe differ from NAT port map? When I direct web traffic through the firewall straight to the mail server I don't get the problem. And I know that "it ain't broke so don't fix it" applies here but I want a web server as well as the email server available to the net and I thought the reverse proxy was the way to go. Does Apache do some sort of session caching (not sure what I'm talking about here!) that I can disable?
Many thanks for your help.