Protecting Microsoft Small Business Server with a Apache Reverse Proxy

Written by James McDonald

February 26, 2013

I have used a reverse proxy setup to protect my SBS 2003 server for the last 7 or so years.

This last weekend I migrated from SBS 2003 to SBS 2011 and suddenly access to the SBS2011 Outlook Web App via my Apache reverse proxy setup broke.

I traced the problem to the javascript files not being donwloaded to the client. Initially I thought that the SBS box had some special security configuation that was preventing the .js files from downloading to the client. But eventually I traced the problem to the configuration of the Apache Reverse Proxy. The offending line was the ?/scripts/? line which was denying access to  the SBS 2011 javascript files such as https://host.example.com/owa/14.1.438.0/scripts/basic/cmn.js. commenting out the RewriteRule that forbid access to the */scripts/* path and we were in business.

RewriteRule ^(http|ftp)://.* - [F]
RewriteRule ^(.*)?/samples/? - [F]
# RewriteRule ^(.*)?/scripts/? - [F]
RewriteRule ^(.*).ida$ - [F]
RewriteRule ^(.*).htw$ - [F]
RewriteRule ^(.*)./_vti/_. - [F]
RewriteRule ^(.*).idq$ - [F]
RewriteRule ^(.*).exe$ - [F]
RewriteRule ^(.*)?/winnt/? - [F]

Refs: http://cyber-defense.sans.org/resources/papers/gsec/reverse-proxy-filter-http-https-103736

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...