RE: [fw-wiz] NTLM authentication from DMZ

From: Peter Robinson (peter@securegateway.org)
Date: 09/23/02


From: "Peter Robinson" <peter@securegateway.org>
To: "Reckhard, Tobias" <tobias.reckhard@secunet.com>, <firewall-wizards@honor.icsalabs.com>
Date: Mon Sep 23 09:14:03 2002

Tobias

You will also need mod_ip_forwarding(Available in the apache contribs) and
mod_securid from http://www.deny-all.com/mod_securid/

mod_ip_forwarding will allow the webserver to see the original address of
the requesting system not the proxy address
This is usefull for logging on the Webserver

I would suggest Apachetoolbox from http://www.apachetoolbox.com/ and then
patch the mod_securid your self.

Hope this helps

Peter Robinson

Intellectis technopithicus dorkeae
securegateway.org
Email:peter@securegateway.org
Web: www.securegateway.org

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Reckhard,
Tobias
Sent: Monday, 23 September 2002 6:20 PM
To: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] NTLM authentication from DMZ

Mikael Olsson wrote:
> My first recommendation would probably be: stick something in front
> of the OWA box that does SSL and authentication. If someone gets to
> the OWA box, it's more or less game over; if nothing else because
> of all the sensitive stuff that is usually available in people's
> inboxes, public folders, etc etc.

Heh, that's exactly what I'm about to have to implement here. I'm planning
to use Apache+mod_proxy+mod_ssl and RSA SecurID in front of an OWA server.
Does anyone by chance have any pointers to hints on how to set up such a
baby?

TIA
Tobias
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Owa mmp files in Webtemp
    ... I am running exchange 5.5. ... I have OWA running ... on my webserver and it seems to be working fine until too ... many *.mmp file accumulate in the webtemp directory. ...
    (microsoft.public.exchange.applications)
  • Re: Outlook via the internet OR Outlook Web Access
    ... I now understand that OWA is the way to go ... >the firewall at port 443 is forwarded to the webserver. ... Andrew Hodgson in Bromyard, Herefordshire, UK. ...
    (microsoft.public.windows.server.sbs)
  • OWA on different server than Exchange 2003
    ... OWA is working ... ... install the OWA on my Webserver in the Domain and tell the connector to use ... the internal Exchange server. ... https and a certificate or that internetfreaks will toast my exchange server ...
    (microsoft.public.exchange.setup)