| Davide DG 2006-05-31, 1:19 pm |
| Greetings,
I configured an Apache 2.0.54 (debian sarge) as a reverse www proxy
server for OWA 2003.
IIS/Exchange server is in LAN, Apache is in a DMZ.
The configuration is very similar to the one discussed in this article:
http://3cx.org/item/46
The whole thing seems to work very well.
I use these directives to leave the "Integrated Windows Authentication"
on the IIS server and to force Basic Auth only on Apache:
Header unset "WWW-Authenticate: NTLM"
Header add WWW-Authenticate "Basic realm=owa"
So users in LAN do not have to type in their user names and pass, while
users connecting from the Internet are prompted for Basic
Authentication (WWW-Authenticate header).
When users connect from the LAN to the IIS, they must always be able to
use OWA.
Instead, when they connect from the Internet to Apache, they must be
allowed or
not on a per-user basis.
So what I am looking for is a way to filter (deny or not) the requests
using the
"Authorization: Basic <base64>" header sent by the client browser.
I know how to use the "Require" directive in Apache for Basic Auth, but
only for content
hosted *on* the Apache server, not for reversed proxy contents.
Is there any way to accomplish this?
Thank you very much for any replies.
Best Regards.
Davide DG.
|