Could you eloborate on why you say that reverse proxy with SSL won't work? We've been running it for years on our Exchange system here, although granted that uses 5.5 rather than 2000. Testing of access to OWA 2000 is on my to-do list.
Thank you. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Theories of evolution are like buses - there'll be another one along in a minute > -----Original Message----- > From: Robin P. Blanchard [mailto:[EMAIL PROTECTED]] > Sent: 30 September 2002 14:29 > To: [EMAIL PROTECTED] > Subject: mod_ssl / mod_proxy interaction > > > > in effort to eventually setup a secure apache reverse proxy > for exchange > 2000's OWA, i've run into the following dilemma.... > > per the mod-ssl docs, i had the following declared globally: > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > downgrade-1.0 force-response-1.0 > > and realised after much wailing and gnashing of teeth that that line > caused the following (non-ssl) virtual host failed to operate > correctly > under IE: > > Listen 10.10.10.99:80 > <VirtualHost 10.10.10.99:80> > ServerName webmail.gactr.uga.edu > UseCanonicalName Off > CustomLog /tmp/webmail-trans.log combined > ErrorLog /tmp/webmail-error.log > > RedirectPermanent / http://webmail.gactr.uga.edu/exchange/ > ProxyRequests Off > ProxyVia Full > ProxyPass /exchange/ http://webmail.gactr.uga.edu/exchange/ > ProxyPassReverse /exchange/ > http://webmail.gactr.uga.edu/exchange/ > ProxyPass /public/ http://webmail.gactr.uga.edu/public/ > ProxyPassReverse /public/ > http://webmail.gactr.uga.edu/public/ > ProxyPass /ex2k/ http://webmail.gactr.uga.edu/ex2k/ > ProxyPassReverse /ex2k/ http://webmail.gactr.uga.edu/ex2k/ > ProxyPass /exchweb/ http://webmail.gactr.uga.edu/exchweb/ > ProxyPassReverse /exchweb/ > http://webmail.gactr.uga.edu/exchweb/ > > </VirtualHost> > > So, I placed User-Agent config out of the global config and into each > SSL config. Now, the exchange 2000 proxy (currently non-SSL) is > correctly handled by IE. Obviously, though, I will be wanting to put > this proxy behind SSL, which I've already determined will not work > (using the mod_ssl recommended settings). Has anyone else run into a > similar situation? Is there a reasonable work-around for this? > > -- > ---------------------------------------- > Robin P. Blanchard > Systems Integration Specialist > Georgia Center for Continuing Education > fon: 706.542.2404 <|> fax: 706.542.6546 > ---------------------------------------- > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
