Reverse Proxy for OWA ActiveSync ?
Hi there,
I'm looking for some solution to handle OWA publishing with some reverse proxy
function on the firewall. No Web Proxy on DMZ. No TMG and no directly NAT to the inside Exchange.
I have managed to do WebSSL with external portal and SSO on the ASA for Webmail access. ActiveSync (e.g. Ipad) isn't working through that kind of portal.
Any suggestions? Cut-Passthrough? Or who is facing the same issue, with TMG been discontinued? Fortigate and Sophos mentioned to handle reverse proxy.
How about Cisco?
Kind regards,
Norbert
Sent from Cisco Technical Support iPhone App
Only by NAT/PAT to a reverse proxy (Citrix Netscaler) in the DMZ.
Several installation are done with fortigate.
http://www.boll.ch/fortinet/assets/TMGtoFortinet-Howto.pdf
Norbert
Similar Messages
-
OHS Webtier 11.1.1.5 reverse proxy to OWA
Hi,
I am trying to create a reverse proxy to OWA (Microsoft Exchange) https but to no avail.
As you can see the code below:
<Location /owa>
ProxyPass https://10.6.145.64/owa
ProxyPassReverse https://10.6.145.64/owa
#Redirect / https://10.6.145.64/
</Location>
Redirect is working but Reverse proxy is not working. Are there any additionals code needed to make it works?
I am actually setting up SSO for OWA but I have no idea how to configure this part. :(
Please help."And what is it about the ip it's pointing to in the opmn log. "216.8.179.25,6700: BIND (Cannot assign requested address)"?
The IP 216.8.179.25 is probably some internal address that is found when it was unable to find the 127.0.0.1 loopback.
Could be this address is found through the virtualization platform (which usually installs some network adapters on the system) - if you are using virtualization, otherwise
you have to check with you network administrators, and see if they can make something the IP you were getting.
"But i am not sure as to why / how this has happenned."
We had the same problems (were using DHCP) - with 11.1.1.2 no problems. With a patch to 11.1.1.5 it broke down - I think it is a bug in OPMN (the 11.1.1.5 version).
But to be sure it is a bug, you better check with Oracle Support, maybe they can shed a light on this. There are no known issues mentioned in the 11.1.1.5 release notes
- http://docs.oracle.com/cd/E21764_01/doc.1111/e14770/partpage3.htm#sthref17 -
Hi,
Setup:
3 CAS servers - Exchange 2010
1 IIS ARR reverse proxy
I followed these two
1 2 write-ups on how to setup Exchange 2010 OWA to use IIS ARR as a reverse proxy. The problem I'm having is
when all three servers are online in the server farm OWA doesn't work properly. You can log in fine, but it appears to not load fully and you can't click on anything (eg Calendar, emails, forward, reply, etc). If I were to take all the servers offline except
for one (doesn't matter which one), OWA functions normally.
Since some users also access OWA internally I have configured IIS on each CAS server to redirect to HTTPS and the OWA virtual directoy. I don't think this is causing the problem, but I thought I should mention it.
I followed the articles exactly. I'm not sure what could be causing the problem.
ThanksHi,
According to your description, there may be some problem on the configuration of your IIS ARR.
Thus, let’s troubleshoot ARR using Failed Request Tracing Rules to find the root cause.
For the detail steps, please refer to the following article:
http://www.iis.net/learn/troubleshoot/using-failed-request-tracing/using-failed-request-tracing-rules-to-troubleshoot-application-request-routing-arr
And we can also check if the URL rewrite rules are working as expected:
For more steps, please refer to the partition named Verifying if the above rules are working as expected in the reference below:
http://blogs.technet.com/b/exchange/archive/2013/08/05/part-3-reverse-proxy-for-exchange-server-2013-using-iis-arr.aspx
Thanks,
Angela
Angela Shi
TechNet Community Support -
Reverse Proxy for SharePoint 2013
Hi,
I need to setup SharePoint 2013 environment which needs to be accessible from mobile devices e.g. iPAD/Android, for reverse proxy, I am looking at apache or IIS ARR since UAG is going to be deprecated. So far any one setup apache (on
RHEL 6.x)
or IIS ARR(on W2K8R2) successfully as reverse proxy for SharePoint 2013 access? Is there any issue? and which SharePoint authentication method should be configured?
Must is be Form based authentication? As I read some articles it seems ARR supports Windows authentication. Thanks in advance.IIS ARR doesn't authenticate users, it is a pass-through (unlike UAG which can do auth or anon). Both IIS AAR and the new Web Proxy Role in Server 2012 R2 do not work with SharePoint 2013 Apps.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Why do we use reverse proxy for Oracle RAC Cluster setup
Hello All,
I got this question lately.. "why do we use reverse proxy for Oracle RAC Cluster setup". I know we use the reverse proxy at Middleware level for multiple security reasons.
Thanks.."why do we use reverse proxy for Oracle RAC Cluster setup".
I wouldn't. I wouldn't use a proxy of any sort for the Cluster Interconnect for sure.
Cheers,
Brian -
Apache as Reverse Proxy for UWC and Webmail
Hi,
for several reasons i want to use apache 2 as reverse proxy and ssl accelerator for UWC.
internet <-> apache/ssl <-> backend port 80
I configured my apache with mod_proxy and mod_proxy_html.
Here are the concerning config lines:
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
ProxyPass / http://backend.domain.com/
ProxyPassReverse / http://backend.domain.com/
<Location />
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /
ProxyHTMLURLMap http://backend.domain.com:80/ http://webplex.domain.com/
ProxyHTMLExtended On
RequestHeader unset Accept-Encoding
</Location>For Webmail this configuration works most of the time. There are some minor problems in ie with the folder view. But the real problem is: I can't get UWC to work. The problem seems to be that mod_proxy_html can't replace all of the occurences of backend.domain.com in the html pages.
Especially:
onsubmit="handleSubmit()" action="http://webplex.domain.com/amserver/UI/Login?goto=http://backend.domain.com:80/uwc/&gotoOnFail=http://backend.domain.com:80/uwc/?err=1&module=LDAP" method="POST">in the uwc login page.
So my question is:
Is anybody out there who got apache working as reverse proxy for uwc?
Thanks a lot.
PS1:Solaris 10 on V20z, JES2005Q4
PS2: I already configured UWC with the reverse plugin for sun webserver on backend host so that uwc is working through port 80 only. So there should be no problems arise from that.Hopefully, you'll hear from somebody. I have zero knowledge or experience with Apache.
-
Issues using IIS 8.5 with ARR 3.0 as Reverse Proxy for Lync 2013
Dear reader, after searching for a day without finding a solution to my problem I end up here ;-)
Working Lync 2013 environment (gradually adding functionality) consisting of 2 FE servers, Persistent Chat Server, Web Apps server, Edge Server, Reverse Proxy Server (IIS 8.5/ARR 3.0), SQL Server.
Set up a fresh Windows 2012 R2 with IIS 8.5, installed ARR 3.0 and followed along this
TechNet article.
So far so good, external clients (incl. mobile phone apps) can all connect.
Now trying to add Web Apps to the reverse proxy, which is slightly different from the others by not forwarding 80/8080 and 443/4443, but just 80 and 443 to internal Web Apps server.
After creating the server farm/URL rewrite, browsing to the webapps.FQDN/hosting/discovery ends up with a 404 error (instead of XML, which is shown when try from the LAN).
After moving this rewrite rule to the top, it started working, but now my lyncdiscover.FQDN stops working.
Ofcourse moving the webapps rule down restores the lyncdiscover.
Any ideas? (everything setup as described in above mentioned TechNet article, so using wildcards. Tried fiddling around with webext.* and lyncdiscover.* and so, but no luck. (I'm completely new to ARR)
Thanks,
BarryCan you confirm that for each URL Rewrite Rule, you have an {http_host} record that matches something like webext.* as you referenced above and as seen in step 15 here:
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
It might help if you posted a screenshot of your URL rewrite rules.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
Is it possible IIS reverse Proxy for WAS ( BSP) ?????
Hi
I am able to setup IIS reverse proxy for Portal and other some internal website and it works well from outside the firewall. But for WAS (for BSP application), it repeatly prompt login screen even after gave correct user ID and password when call through proxy. But it work inside firewall.
So really wonder is it possible to use IIS reverse proxy for WAS?
Thanks
RaibinHi Raja
Thanks for your message. But I already read this same and many other BLOGs. Everything talk about manything. And nothing helped me to find the solution. But friday I found the solution myself and happy to share with you and all others.
The problem was related to the extra string getting added with in url to replace /bsp/ to /bsp(xxxxxxxxxxxxx)/ and finally when I put the entry as below in my IISProxy.xml file, everything became OK.
And I saw so many question related to EP 7.0 for outside access. There is one extra entry we have to put for webdynpro to make EP 7.0 working outside specially for admin screens.
In the below example 'sapep' is Portal and 'sapecc' is ECC 5.0 server.
<ISAPI-config version="1.6">
<filter name="IisProxy filter" />
<extension name="IisProxy extension" />
<mapping name="PORTAL">
<source>
<protocol>http</protocol>
<prefix>/irj</prefix>
<new-prefix>/irj/</new-prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/logon/</prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/webdynpro/</prefix>
</source>
<target>
<protocol>http</protocol>
<host>sapep.domain.com</host>
<port>50000</port>
</target>
</mapping>
<mapping name="BSP">
<source>
<protocol>http</protocol>
<prefix>/sap/</prefix>
</source>
<source>
<protocol>http</protocol>
<prefix>/sap(bD1lbiZjPTA5NiZkPW1pbg==)/</prefix>
</source>
<target>
<protocol>http</protocol>
<host>sapecc.domain.com</host>
<port>1080</port>
</target>
<compress-types>text/html, text/plain</compress-types>
</mapping>
</ISAPI-config>
I hope this will many to solve their problems.
Thanks
Raibin -
Setting apache reverse proxy for EP6SP2
Hi friends,
I want to set apache reverse proxy for EP6SP2. But after doing the following changes, it is showing the SAP J2EE Engine documentation page.
The following changes has been dont to httpd.conf:
NameVirtualHost 1.1.1.1:80
<VirtualHost 1.1.1.1:80>
ProxyRequests Off
ServerName ep6.xyz.com
ProxyPreserveHost On
proxyPass / http://ep6.xyz.com:50000/
proxyPassReverse / http://ep6.xyz.com:50000/
ErrorLog logs/base.80.error.log
CustomLog logs/base.80.custom.log common
</VirtualHost>
Help needed.
Regards,
NilzHi,
I have a problem with my proxy:
ssl.conf.in like
ProxyPass /irj http://debmsu06.server.###.de:50300/irj
ProxyPassReverse /irj http://debmsu06.server.###.de:50300/irj
RewriteRule ^/$ /irj/portal [R]
If I use URL:
https://bebuyer.###.de/ goto https://bebuyer.###.de/irj/portal
but if I use
https://bebuyer.###.de/irj/
I get the info:
https://bebuyer.###.de/irj/HTTPS:/bebuyer.###.de:443/irj/index.html
What is happened? How I can redirect to /irj/portal?
Of course I can use
http://debmsu06.server.###.de:50300/irj/
Could you please give me some tips?
Best Thanks!
Heren Zhou -
Reverse Proxy for OIF on iPlanet
hi,
I am trying to implement reverse proxy for OIF r3 Identity Provider on iPlanet.
I configured the obj.conf of iPlanet accordingly.
<Object name="passthrough1">
Service fn="service-passthrough" servers="http://backendIDP.com:80"
Error reason="Bad Gateway" fn="send-error" uri="C:/Sun/WebServer6.1/docs/badgateway.html"
</Object>
<Object Default>
NameTrans fn="assign-name" from="/fed/" name="passthrough1"
NameTrans fn="assign-name" from="/fed/*" name="passthrough2"
</Object>
when i tried the IDP initiated proxy url in a browser like (http://proxy.com/fed/idp/initiatesso?providerid=XXXXXXXX&returnurl=YYYY)
immediately its being forwaded to backend Identity Provider for authentication like(http://backendIDP.com/sso/jsp/salogin.jsp?doneURL=/user/loginsso&refID=id-ysJ-7-1PR9k-QI2bg9zZkPdyHPw-)
I was expecting that it is redirected to Proxy URL like (http://proxy.com/sso/jsp/salogin.jsp?doneURL=/user/loginsso&refID=id-ysJ-7-1PR9k-QI2bg9zZkPdyHPw-)
At the end it is giving me null pointer exception instead of return URL "YYYYY"
Does any one know how to fix the error.web or weblogic.xml files on your RPS needs to define for each case like if inbound port is 7011 then send it to PIA:7011 and http and the same for 7012 then send it to PIA:7012 and https. in the webprofile configuration for your RPS profile, set both https and http relative URLS. I believe you could start using this info and I am sure you could figure out the rest.
-
When I look up alternatives to TMG many other answers say something like "Don't worry about it. TMG 2010 is under support until 2020."
Well, we don't have TMG and can't buy it since it is off the market. Can it still be legitimately purchased through any resellers?
We need a reverse proxy that specifically supports SSL-Bridging so that device certificate authentication is not broken when the connection passes through the proxy.
Which reverse proxies that are currently on the market are known to work successfully with System Center Config Manager Internet-Based Client Management and also with other Microsoft products such as Lync 2010 and RD Gateway 2012 R2?
Do any Cisco ASA or ACE models support the required functionality for machine certificate authentication?
We have ISA 2006 licenses available, but I would hate to roll that out and then have to replace it in only 2 years rather than using something that can stay in place long term. Maybe we could use ISA 2006 temporarily as a stopgap if the next version
released of Windows Server Web Application Proxy would meet the requirements and can be deployed in production before ISA 2006 is completely EOL.
I hate that Microsoft keeps discontinuing all the related products to this before they have their replacements ready.Hi,
You are correct, all TMG product sales officially ended in December 2012.
In addition, an ISA Server and a TS Gateway server can be used together to enhance security for remote connections to internal network resources. However, it
seems that ISA 2006 cannot support that on Windows Server 2012 R2. For more detailed information:
Configuring the TS Gateway ISA Server Scenario
Personally, Web application proxy would be an alternate. In addition, for the question related to Cisco product, you can contact Cisco for assistance.
Best regards,
Susie -
Apache as a reverse proxy for E-recruiting
We are trying to use apache as a reverse procy for e-recruting. The call to the web proxy is being forwareded correctly but whereas if the page is opened directly on the e-recruiting box it opens a page with a bsp generated logon screen, when using the portal it generates a window dialog for logon and i the get the following message :
BSP Exception: Das Objekt sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do in der URL /sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do?sap-client=100&sap-language=EN&BspClient=100&BspLanguage=EN&rcfSpId=0003&rcfContext=LMUGEN ist nicht gültig.
Has anyone done apache as a proxy for e-recruting who can share an example or offer any advice?
ThanksHi Richard,
you can take this link as a starting point: /people/sap.user72/blog/2006/04/18/the-reverse-proxy-series--part-32-apache-as-a-complex-reverse-proxy
In your case it seems to me that "/sap/bc/bsp/sap/hrrcf_start_int" gets concatenated 2 more times in your URL than it should.
That looks like a loop resp. an apache directive which gets executed too often.
regards, Norbert -
Using IIS AAR as a reverse proxy for Exchange 2010 & Lync 2013
hi
i am planning to use IIS AAR as reverse proxy solution for both Exchange 2010 & Lync 2013 . need clarifications on the below.
Is it production ready proof solution of using IIS AAR as a reverse proxy solution , if yes what is the sizing considerations for the same.
Can we have exchange reverse proxy and lync reverse proxy on the same IIS ARR server.
Is there any special consideration(license/certificates/cal licenses) needs to be taken care while using this solution
4. Deployment Guide available?hi steve.. thanks for reply..
1 have gone through that.. however having both exchange & lync reverse proxy on single server is unanswered and the reason for having this in exchange forum is to have consideration from exchange prospective as well ...
I am also wondering this. Can both exist on the same set of proxy servers? I also plan to have a load balanced solution. Has anyone had any luck with doing that? -
How To configure Apache As Reverse Proxy for SharePoint Application
Hi,
I recently integrated Apache as ReverseProxy for SharePoint 2010. When accessing the SharePoint application via the reverse proxy url e.g. http://<reverse-proxy-url>/SitePages/Home.aspx the images/css and JavaScript files does not comeup
fine.
I had defined the following mapping in the httpd.conf file.
ProxyPass /SitePages http://<actual-url>/SitePages
<Location /SitePages>
ProxyPassReverse http://<actual-url>/SitePages
SetEnv force-nokeepalive 1
</Location>
Regards,
Bunty RayHi Trevor,
I did not understand your point. Currently i tried the following in the httpd.conf as well, but still did not help
######Mapping SharePoint Server#######
ProxyPass /SitePages http://<actual-url>/SitePages
ProxyPass /WebResource.axd http://<actual-url>/WebResource.axd
ProxyPass /ScriptResource.axd http://<actual-url>/ScriptResource.axd
<Location /SitePages>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/SitePages
ProxyHTMLURLMap /SitePages http://<actual-url>/SitePages ec
ProxyHTMLURLMap http://<actual-url>/SitePages /SitePages ec
SetEnv force-nokeepalive 1
SetEnv force-proxy-request-1.01
SetEnv proxy-initial-not-pooled 1
</Location>
<Location /ScriptResource.axd>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/ScriptResource.axd
ProxyHTMLURLMap /ScriptResource.axd http://<actual-url>/ScriptResource.axd ec
ProxyHTMLURLMap http://<actual-url>/ScriptResource.axd /ScriptResource.axd ec
SetEnv force-proxy-request-1.01
SetEnv force-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
</Location>
<Location /WebResource.axd>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/WebResource.axd
ProxyHTMLURLMap /WebResource.axd http://<actual-url>/WebResource.axd ec
ProxyHTMLURLMap http://<actual-url>/WebResource.axd /WebResource.axd ec
SetEnv force-proxy-request-1.01
SetEnv force-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
</Location>
<Location /_layouts>
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLMeta On
ProxyHTMLEnable On
ProxyHTMLExtended On
ProxyHTMLLogVerbose On
ProxyPassReverse http://<actual-url>/_layouts
ProxyHTMLURLMap /_layouts/1033/styles/Themable http://<actual-url>/_layouts/1033/styles/Themable ec
ProxyHTMLURLMap http://<actual-url>/_layouts/1033/styles/Themable /_layouts/1033/styles/Themable ec
SetEnv force-proxy-request-1.01
SetEnv force-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
</Location>
Regards,
Bunty Ray -
How to set 3rd Party Reverse Proxy for smp 3.0 ?
Hi am new to SMP 3.0 . Please help me out .
hi am fallowing the steps in SyBooks Online for reverse proxy settings.
I added the below proxy settings in Apache2.2\conf\httpd.conf .
Listen 8080
<VirtualHost *:8080>
ServerName proxy-server
ErrorLog "C:/Apache2.2/logs/error.log"
TransferLog "C:/Apache2.2/logs/access.log"
<Location />
ProxyPass http://172.22.26.199:8080/
ProxyPassReverse http://172.22.26.199:8080/
</Location>
</VirtualHost>
After adding this proxy setting am unable to run apche server am getting error like "The requested operation has failed " . How to resolve this error ?
Maybe you are looking for
-
Can I install a SSD on an optical drive in a HP Envy Phoenix
I just purchased a customized HP ENVY Phoenix Desktop - 810-350se CTO with a Raid 5 configuration (3 x 2 TB), but I noticed and researched that it seems that is better to have a SSD installed to have your computer access data faster, of course, I wan
-
How to put the new developed Requirement into an output type procedure...
Hi, If we developed an new Requirement for an output type, how to put this new requirement number into the output type procedure??? for example: RV61B912 The requirement number is 912. Thanks
-
Secure Copy and Paste in Sandboxed mode
Hi, while working on copy-and-paste of mathematical formulae for our ActivMath learning environment, a web-based one, I, of course, chopped to the problem that sandboxes (be them in Java applets, JNLP, JavaScript, Flash, ...) refuse the access to the
-
Unable to validate Invoice Lines
Hi, I have an invoice and it has 5 lines .This particular invoice has been accounted and later i have added 5 more lines to the same invoice by mistake i have cancelled the entire invoice with out validating the newly added 5 lines. My issue is every
-
I've tried to download Solaris 8-ia-binary CD images(Installation cd,software 1) for 3 times, but winzip always told me "..it doesn't appear to be a valid archive...try to download again." Is there anybody same to me? or these files are not right eve