Re: [users@httpd] Mod_Proxy_html, MS exchange, and another web server

Tue, 30 May 2006 08:04:20 -0700 

Hi,

> Currently I am using Apache 2.0.52 (patched with the ProxyPassCookie)
> and what we are trying to do is rather complicated, but let me explain.
> I am using mod_proxy_html as well to try to make the following work:
> 
> We have the Apache server running as a proxy.  Behind it we have an
> exchange server and another server running more asp/dotnet pages. We
> want both of the web servers to "appear" like one server being proxied
> by Apache, and only hand out exchange requests when the user hits an
> exchange folder (i.e. /exchange, /exweb, etc.), and the other pages when
> it hits the other site (i.e. /  ).  I have tried mod_proxy_html to
> rewrite the header and links, but this appears to "break" the NTLM
> authentication when it is in use.  
> 
> As a proxy, Apache works with both of these as disjointed web sites. The
> problem comes when trying to "put them together" as it were.
> 
> My main question is about the mod_proxy_html usage, although at this
> point I am happy to get anything that will help.

NTLM authentication itself is fundamentally broken anyway - it makes
assumptions which it shouldn't do.  It won't work through a proxy
(unless that proxy takes special steps to ensure that it doesn't break
it, which it shouldn't need to bother with).

The moral of the story is - don't use NTLM!

You may be able to perform the authentication in Apache and pass it
through to Exchange in a header - I've worked with other products that
allow this but I've never worked with Exchange.  I'm currently using
mod_auth_kerb to do this with a backend proprietary server.


HTH,


                                Neil.

-- 
Neil Hillard                    [EMAIL PROTECTED]
Westland Helicopters Ltd.       http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to