Managing ECSC Linux Firewalls
<<< Previous 

Configuring IIS Protection and SSL acceleration

Backend Services

Microsoft Outlook Web Access

The Microsoft Outlook Web Access system (OWA) can run directly from an Exchange server or through an IIS virtual host. Either way, there are a number of problems you may run into.

SSL Acceleration

SSL Accelerating an OWA service requires a little tweak with Apache. You'll need the specially patched mod_proxy and the following line in your apache configuration:

ProxyRequestHeader set Front-End-Https On

This sets a special HTTP header in the backend request to the Outlook Web host. Now the Outlook Web service knows there is an SSL accelerator in front of it and rewrites URLs with https:// rather than http://.

The SEARCH http method and Squid

When accessing an OWA service, Internet Explorer makes use of a non-standard HTTP method named "SEARCH". You will need to set your squid caches to accept and allow this method else the the inbox will just show Loading... and never return (or complain, bleh).

You can do this with the following line in your squid config (Squid 2.4):

extension_methods request SEARCH

The Apache Limit* configuration

Apaches Limit* directives can cause problems with OWA as it tends to make large and sometimes unusual-looking requests. The ECSC Webfwadmin's default Apache settings are currently:

LimitRequestBody 2048
LimitRequestFieldsize 4096
LimitRequestLine 2048
LimitRequestFields 30

Requests generated by OWA can be as big as any e-mail sent by a user, so 2k is clearly not enough for all-singing all-dancing animated html ActiveX e-mails. You can experiement with these settings but it is currently recommended to comment them out.

<<< PreviousHome 
Configuring the Apache Web Server