Hi,

 

I have a fairly common requirement of needing to reverse proxy Microsoft's Oulook Web Access ("OWA"- web browser access to Exchange).

I have a Linux box located in our DMZ which will act as the reverse proxy and I'm reasonably sure that all the required ports are open. The external client will speak to the reverse proxy using https which will then speak to the OWA server using http, thereby providing improved security. I started off trying to do this using Apache but could not get it to work, so I decided to try pound as it looked to be more straight forward to configure but still can't get it to work. I'm using the IE6 browser but have tried Mozilla as well with no sucess. I can connect to the OWA server directly over http with no problems.

 

This is what happens (I'm testing this from an internal PC client just now as external access to the pound server is not enabled yet) :

 

1. I hit the URL https://poundserver/exchange and get a message back complaining about my temporarily generated certificate and asking me whether I want to trust it. I click yes.

2. A login box pop's up asking me to login into Outlook Web access. I type in my login details

3. My browser starts to load the site (skeleton frames are set up in my browser) but a box pops up saying this site contains secure and nonsecure items (which is weird) and do I want to display the nonsecure  ones. I click yes

4. Both of the frames in my browser display "The Page cannot be displayed" error.

 

This is exactly where I got with Apache! I would really appreciate advice from anyone who has this working. I have read all the archives relating to this but most seem to for earlier versions of Pound and the keywords won't work with Pound v2.1.

I suspect that somehow the OWA server is redirecting my browser so that it is by passing the proxy and speaking directly to it, the error about secure and nonsecure items seems to confirm this (remember I'm testing this from an internal PC)

 

This is my pound.cfg

 

Loglevel 4
ListenHTTPS
      Address 192.168.50.11
      AddHeader "Front-End_https: on"
      WebDAV 1
      Port    443
      Cert    "/usr/local/etc/server.pem"
          Service
              BackEnd
                 Address 10.123.0.6
                 Port    80
               End
          End
End
 

Does anyone have this working  or have any general advice on how to debug this problem, before I go insane.

 

Thanks & Regards

Robin