Hello TJ,
Thank you
From: "Tim Jordan" <tim@xxxxxxxxxxxxx> Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx> Subject: [exchangelist] RE: Exchange with SSL - OWA Access Date: Wed, 22 Dec 2004 16:33:11 -0900
http://www.MSExchange.org/
Hi Tom, Your comments left me a little confused. If the client is using SSL to connect to the Apache server which then passes the request to the internal OWA server...where does the "security nightmare" come into play?
I personally use https://mywebsite/exchange to connect to my OWA server which is proxied by Apache. It works great and the user is prompted to accept the cert from the OWA server. So the Apache server is running SSL and so is the OWA server.
TJ
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, December 22, 2004 1:05 PM To: [ExchangeList] Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
HI Tim,
That allows for SSL to HTTP bridging! A security nightmare. And he has the gall to say that IIS is insure after describing such a config. Arrg!
Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: Tim Jordan [mailto:tim@xxxxxxxxxxxxx] Sent: Wednesday, December 22, 2004 2:43 PM To: [ExchangeList] Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
Ola, Here is another link for proxying OWA through Apache server. http://3cx.org/static/pages/1
TJ
-----Original Message----- From: Tim Jordan [mailto:tim@xxxxxxxxxxxxx] Sent: Wednesday, December 22, 2004 11:16 AM To: [ExchangeList] Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
I disagree with Andrew on this. There is no need for ISA or dumping Apache to make this work.
Ola, are you an experinced Apache admin? If you are I would suggest researching Apache proxy. If you have a unix admin he/she should know this stuff.
TJ
-----Original Message----- From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, December 21, 2004 7:40 PM To: [ExchangeList] Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
You need to invest in a real firewall like ISA server that way you do what you are asking without worrying about port 80 being signed to one machine.
I currently run a web server on a separate box and Exchange on another which my users can access their web sites and emails from, both are running on port 80, however my ISA server knows what is coming in for web and what is coming in for OWA and thus points the connections to the right server.
Using your everyday Linksys type router will not work for you. If you can't afford to invest in a proper firewall then I suggest you run your web sites from your Exchange Server and dump the Apache box.
Andrew
-----Original Message----- From: Ola One [mailto:ola_atb@xxxxxxxxxxx] Sent: Tuesday, December 21, 2004 9:48 PM To: [ExchangeList] Subject: [exchangelist] Exchange with SSL - OWA Access
http://www.MSExchange.org/
Hello all,
I have a peculiar problem. I have two win2k3 Enterprise on my network. Apache webserver is sitting on one, and Exchange 2003 Enterprise is sitting on the other.
The Apache Server came first and so the router has been used to map Port 80 to the Apache Server. Now with Exchange installed, the question are two folds:
1. Exchange was installed and Microsoft Certificate Authority was generated and used. So SSL is on. Based on this, if the users are willing, can they access OWA through HTTPS and not bother with HTTP since Port 80 is in use by the Apache Server. That way, the router can open Port 25, 110, and 443 to the Exchnage server? The main way of connecting to this server is mostly
through OWA.
2. I have forgotten whose address I put in Forwarders in my DNS entry (Would that be my WAN IP?), and whether I need to include MX record in my forward lookup zone.
Thank you all in advance.
Ola
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tim@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tim@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tim@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: ola_atb@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx