Protecting Microsoft Small Business Server with a Apache Reverse Proxy

I have used a reverse…

Login

Blog History

I have used a reverse proxy setup to protect my SBS 2003 server for the last 7 or so years.

This last weekend I migrated from SBS 2003 to SBS 2011 and suddenly access to the SBS2011 Outlook Web App via my Apache reverse proxy setup broke.

I traced the problem to the javascript files not being donwloaded to the client. Initially I thought that the SBS box had some special security configuation that was preventing the .js files from downloading to the client. But eventually I traced the problem to the configuration of the Apache Reverse Proxy. The offending line was the ?/scripts/? line which was denying access to  the SBS 2011 javascript files such as https://host.example.com/owa/14.1.438.0/scripts/basic/cmn.js. commenting out the RewriteRule that forbid access to the */scripts/* path and we were in business.

RewriteRule ^(http|ftp)://.* - [F]
RewriteRule ^(.*)?/samples/? - [F]
# RewriteRule ^(.*)?/scripts/? - [F]
RewriteRule ^(.*).ida$ - [F]
RewriteRule ^(.*).htw$ - [F]
RewriteRule ^(.*)./_vti/_. - [F]
RewriteRule ^(.*).idq$ - [F]
RewriteRule ^(.*).exe$ - [F]
RewriteRule ^(.*)?/winnt/? - [F]

Refs: http://cyber-defense.sans.org/resources/papers/gsec/reverse-proxy-filter-http-https-103736

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.