|
From: Marco P. <mar...@gm...> - 2018-04-06 14:36:39
|
Hi all, we are using Apache 2.4.x with ModSec 2.9.2 proxying Outlook Web Access 2016. I ran for a while in DetectionOnly, so whitelisting every necessary rule. When I switched to "On" (block), I started getting issues. During the first request the backend system answers with 401, and providing 3 WWW-Authenticate headers: WWW-Authenticate: Basic realm="myhostname.mydomain" WWW-Authenticate: Negotiate WWW-Authenticate: NTLM During the following request Apache directly answers 403 without proxying the request to the backend... nor logging anything useful. I don't understand how the switching from "DetectionOnly" to "On" could interfere with the processing without logging anything. I ask you what are the undocumented settings that are changed under the hood together with that configuration switch... Thank you in advance Marco |
