Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: AW: [suse-security] Outlook Web Access and Opening port 443
  • From: Harald Wallus <wallus@xxxxxxxxxxxxxxx>
  • Date: Mon, 9 Sep 2002 11:45:13 +0200
  • Message-id: <200209091145.13904.wallus@xxxxxxxxxxxxxxx>
Am Montag, 9. September 2002 11:12 schrieben Sie:
> Hi,
>
> What you describe I got to work with exchange 5.5 owa.
Exchange Server 5.5 is OK, thats work.

> Also I tried it with exchange 2k. ssl secured squid 2.5pre-3 and behind it
> a win2k server running owa on a iis 5. What happened? As soon as I stopped
> reverse proxying on tcp:80 but continued on tcp:443 the connection failed.
> I never found out why.
> Re-opening tcp:80 owa worked normally but only for a short time over https.
> Most of the traffic went through port 80.
Not all scripts have this hardcoded line above, so sometimes it looks like it
is running. Think on your client side cache.
The line: "m_szURL = window.location.protocol + "//" + window.location.host +
window.location.pathname;"
window.location.protocol is http: or https:
window.location.host is your IP or hostname
Such a line are often into the cgi-scripts of Exchange Server 2000
Change them all, use cygwin and sed (are to much for do by hand).

Perhaps someone tricky can plan a setup, where your external name of the
server is the same that squid in reverse mode redirect to.
Or has anybody get Exc2000 gets run behind a application firewall or
NAT-firewall?

With Exc 5.5 I do: IIS with OWA on port 80, squid in reverse mode, listening
on localhost port 80, on which stunnel provides the external 443 port.
So I can filter the URLs and reject silly GET commands.

Greeting
Harald Wallus

> philipp
>
> > you know that Bill Gates workers don't understand nothing
> > about networking!
> > The things which are working are stolen or buyed!!
> > The ExchangeServer 2000 is a sample of scripts in different
> > script languages
> > and also some compiled programs.
> > In all of these part, the port, the IP and the protocoll are
> > HARDCODED. So
> > your Exchange Server has a internal IP-Address like
> > 192.168.0.20, your access
> > from public network will be redirected to that private
> > network. And thus,
> > clearly, will not be work.
> > So you have to put your Exchange Server into the internet
> > without firewall (or
> > you have the possibility to subnet a public network, so you can port
> > firewalling. But I will use Microsofts IIS only with an
> > application layer
> > firewall like the accelrator mode of squid). And die!
> > I have tried to correct the scripts, and realy somethings
> > will be work.
> > But you need Billys help for recompile the programms.
> > I use horde/imp as frontend and Exchangeserve as imap-Server.
> > OK, you got no
> > calendar and so on, only the email.
> > Else do a VPN into your office.
> >
> > Greetings
> > Harald
> >
> > Am Freitag, 6. September 2002 19:33 schrieb Jacob Fierberg:
> > > I am trying to open port 443 on the firewall to gain access
> >
> > to Outlook Web
> >
> > > access on our exchange server.
> > > I have already modified the
> >
> > /etc/rc.config.d/firewallX.rc.config and put in
> >
> > > the following
> > > FW_SERVICES_EXT_TCP="443"
> > > FW_SERVICES_EXT_UDP="443"
> > >
> > >
> > > FW_SERVICES_INT_TCP="443"
> > > FW_SERVICES_INT_UDP="443"
> > >
> > > I restarted the firewall but I am still not able to see my
> >
> > server behind
> >
> > > the firewall. Any suggestions?
> > >
> > >
> > > Jacob Fierberg
> > > Help Desk
> > > Teacher's Pal, Inc
> > > jacobf@xxxxxxxxxxxxxxx
> > > www.teacherspal.com <www.teacherspal.com>
> > > 10851 N. Black Canyon Highway, Suite 500
> > > Phoenix, AZ 85029
> > > 800-515-2535 toll-free
> > > 602-861-3440 telephone
> > > 602-789-6077 fax
> >
> > --
> > Dr. Harald Wallus
> > netlike-gmbh
> > Am Listholze 78, D-30177 Hannover
> > Tel: +49(0)511 90 95 1-23 Fax: +49(0)511 90 95 = 1-90
> > Email: wallus@xxxxxxxxxxxxxxx
> > Internet: http://netlike-gmbh.de
> >
> > --
> > Check the headers for your unsubscription address
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > Security-related bug reports go to security@xxxxxxx, not here

--
Dr. Harald Wallus
netlike-gmbh
Am Listholze 78, D-30177 Hannover
Tel: +49(0)511 90 95 1-23 Fax: +49(0)511 90 95 = 1-90
Email: wallus@xxxxxxxxxxxxxxx
Internet: http://netlike-gmbh.de

< Previous Next >
Follow Ups