(lightbulb) This is still in progress. Please do not modify (lightbulb)

Enable Apache as a Proxy For OWA

There are plenty of reasons why you may want to protect an OWA service with an Apache Proxy. You may want too use mod_security for example. You may also already have an Apache HTTPD Server in a public facing role, and you would rather _ 'hide'_ your IIS instance from the public directly.

If you want to use Apache as a Front-End proxy for an OWA service you are going to need several modules.

  1. mod_ssl
  2. mod_proxy
  3. mod_proxy_http
  4. mod_proxy_connect

In this recipe we will not go into detail on how to configure an SSL enabled VirtualHost, or on how to install modules. If you need help with any of these please consult the Apache Docs.

Load Modules

You will need to modify your Apache config file (usually httpd.conf) to include the following lines to enable the modules:

LoadModule   proxy_module            modules/mod_proxy.so
LoadModule   proxy_http_module       modules/mod_proxy_http.so
LoadModule   proxy_connect_module    modules/mod_proxy_connect.so
LoadModule   ssl_module              modules/mod_ssl.so

Proxy Directives

Now in your SSL enabled VirtualHost add the following:

RequestHeader set Front-End-Https "On"

ProxyPass /exchange http://owa.yourdomain.tld/exchange/
ProxyPass /exchweb http://owa.yourdomain.tld/exchweb/
ProxyPass /public http://owa.yourdomain.tld/public/
ProxyPass /iisadmpwd http://owa.yourdomain.tld/iisadmpwd/

ProxyPassReverse /exchange http://owa.yourdomain.tld/exchange/
ProxyPassReverse /exchweb http://owa.yourdomain.tld/exchweb/
ProxyPassReverse /public http://owa.yourdomain.tld/public/
ProxyPassReverse /iisadmpwd http://owa.yourdomain.tld/iisadmpwd/

CacheDisable *

n.b. Make sure that you replace owa.yourdomain.tld with your domain name.

Hosts File

Now you need to modify your local hosts file, this is too make the server pass the traffic to the internal server, on a different IP address.

In /etc/hosts add:

192.168.1.1     owa.yourdomain.tld

Now in your /etc/host.conf ensure that the hosts file is checked before any other name resolution service, i.e.:

order hosts, bind
multi on
  • No labels