3SP Knowledgebase
Information and FAQs about 3SP products 		  
Search  
   
Browse by Category
3SP Knowledgebase
 General FAQ
 SSL-Explorer
 About SSL-Explorer
 All Versions
 Access rights
 Agent
 Applications
 Attributes
 Authentication Schemes
 Documentation
 Extensions
 Internationalization
 IP restrictions
 Message queue
 Network Places
 Profiles
 SSL Certificates
 SSL Tunnels
 Update/Backup/Restore
 User Management
 Web Forwards
 Host-based reverse proxy
 Path-based reverse Proxy
 Replacement Proxy
 Tunneled proxy
 Enterprise Edition Only
 Improving Performance
 Installation Management
 rPath Appliance
 Support
3SP Knowledgebase .: SSL-Explorer .: All Versions .: Web Forwards .: Path-based reverse Proxy .: How do I configure Outlook Web Access in Reverse Proxy?

How do I configure Outlook Web Access in Reverse Proxy?

Configuring SSL-Explorer to proxy Outlook Web Access 2003 is a simple process. By taking advantage of SSL-Explorer you are now able to move your OWA servers from the demilitarized zone (DMZ) and place them deeper inside the corporate network. SSL-Explorer will act as an intermediary between clients and OWA, proxying web traffic and encrypting the data with SSL. You can also take advantage of the layered authentication schemes to provide greater security measures.

There are a couple of caveats to consider when using OWA through the reverse proxy.
  • Public folders cannot be accessed through the reverse proxy. The OWA application inserts direct links to the exchange server in the HTML so any attempt to access public folders will result in a direct connection with the exchange server,
  • Host headers are not processed correctly by the OWA application. This causes a problem when OWA or SSL-Explorer are running on a non-standard port. In order for this to work correctly OWA and SSL-Explorer must be listening on the same port. This can be worked around by adding an additional listening interface to the IIS server hosting OWA so that it listens on the same port as SSL-Explorer
  • We recommend that ActiveDNS is not used for OWA since the user will then have the ability to access any other web application that may be running on the OWA server. Entry of paths ensures that they are restricted to the OWA application only. This is the preferred method for all web forwards where possible.
The steps we recommend to configure OWA and SSL-Explorer are as follows:
  1. Configure Active Directory authentication in SSL-Explorer. This means that your users will not need to enter passwords to log-on to OWA. You can configure SSL-Explorer to authenticate to OWA using the credentials of the logged-on user.

  2. Create a Path-based Reverse Proxy web forward.

  3. In the resource wizard enter the path to the OWA application in the Destination URL field. e.g.

    OWA 2000/2003 - https://pdc.example.co.uk/exchange

    OWA 2007 - https://pdc.example.co.uk/owa

  4. In the 'paths' text area, enter the paths for your OWA version:

    OWA 2000/2003 -
    /exchange
    /exchweb

    OWA 2007 -
    /owa

  5. On the authentication details page, select the authentication type required by the OWA server. Insert ${Session:username} and ${session:password} into the authentication credential fields

  6. Assign the resource to a suitable policy

  7. Click 'Finish' to complete the wizard and save the web forward.
If your OWA is configured to use Forms Authentication you should review this article as the instruction above do not apply to your deployment.

How helpful was this article to you?

User Comments

Add Comment
No comments have been posted.


powered by Lore
© 2008 3SP Ltd. All Rights Reserved