Thread: [mod-security-users] OT: anyone doing reverse proxies for NTLM servers?
Brought to you by:
victorhora,
zimmerletw
From: Jason H. <Jas...@tr...> - 2007-12-19 07:56:30
|
Hi there We've got a case to put a SharePoint server behind an Apache/modsecurity reverse proxy, and the IIS server is set exclusively to NTLM. Normally this isn't doable - NTLM is a transaction that has to occur directly between the browser and server - but RFC-4559 states a way around it using session cookies (SPNEGO). Squid supports it, but I can't see any evidence Apache/mod_proxy does? Does anyone know if this is doable, if not, I'll get I'll submit an Apache bugzilla... Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 |
From: Brian R. <Bri...@br...> - 2007-12-19 15:35:54
|
Jason Haar wrote: > Hi there > > We've got a case to put a SharePoint server behind an Apache/modsecurity > reverse proxy, and the IIS server is set exclusively to NTLM. > > Normally this isn't doable - NTLM is a transaction that has to occur > directly between the browser and server - but RFC-4559 states a way > around it using session cookies (SPNEGO). Squid supports it, but I can't > see any evidence Apache/mod_proxy does? > > Does anyone know if this is doable, if not, I'll get I'll submit an > Apache bugzilla... I do not know a solution off hand. If you do find a solution, pleas let the list know, though (a few people want this). thanks, -B -- Brian Rectanus Breach Security |