RE: [fw-wiz] NTLM authentication from DMZ

From: Peter Robinson (peter@securegateway.org)
Date: 09/23/02


From: "Peter Robinson" <peter@securegateway.org>
To: "Reckhard, Tobias" <tobias.reckhard@secunet.com>, <firewall-wizards@honor.icsalabs.com>
Date: Mon Sep 23 09:14:03 2002

Tobias

You will also need mod_ip_forwarding(Available in the apache contribs) and
mod_securid from http://www.deny-all.com/mod_securid/

mod_ip_forwarding will allow the webserver to see the original address of
the requesting system not the proxy address
This is usefull for logging on the Webserver

I would suggest Apachetoolbox from http://www.apachetoolbox.com/ and then
patch the mod_securid your self.

Hope this helps

Peter Robinson

Intellectis technopithicus dorkeae
securegateway.org
Email:peter@securegateway.org
Web: www.securegateway.org

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Reckhard,
Tobias
Sent: Monday, 23 September 2002 6:20 PM
To: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] NTLM authentication from DMZ

Mikael Olsson wrote:
> My first recommendation would probably be: stick something in front
> of the OWA box that does SSL and authentication. If someone gets to
> the OWA box, it's more or less game over; if nothing else because
> of all the sensitive stuff that is usually available in people's
> inboxes, public folders, etc etc.

Heh, that's exactly what I'm about to have to implement here. I'm planning
to use Apache+mod_proxy+mod_ssl and RSA SecurID in front of an OWA server.
Does anyone by chance have any pointers to hints on how to set up such a
baby?

TIA
Tobias
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards