HTTP to HTTPS header Rewrites

kkelly
Level 1

We are moving to Microsoft Exchange, using the OWA servers to front-end it. I am trying to first encrypt the traffic with the SSL module and then load balance the requests across several OWA servers. I can configure that; it's pretty straightforward.

What appears to be outside my level of Kung Fu is getting the OWA servers to either reply with HTTPS in embedded links (like references e-mail, etc) or getting either the SSL module or the CSM to do header re-writes (http → https) as the packets pass back on through to the originating client.

We have a solution from Msoft (a DLL filter) that can force IIS to return all refs in https, but that breaks another 3rd party app running on the OWA server that MUST be there.

So, can I do ad hoc header rewrites on either the CSM or the SSL module? The fine print in the docs says no (on redirects only, not embedded links), but I have consultants (Microsoft Consultants) that say it can be done with Cisco gear.

What is the opinion of this group: can I do it? And how?

Thanks

-Kevin-

5 Replies

Gilles Dufour
Cisco Employee

Kevin,

the SCA used to be able to do this.

However, this feature was killing the performance very badly, as every packet had to be inspected.

It is therefore not a good solution to have the network do this function.

Have you tried the solution outlined at

http://support.microsoft.com/default.aspx?scid=kb;en-us;327800

Or did you try to configure the SSLM to insert the following line in the header:

"Front-End-Https: on"

You can do this with a "ssl-proxy policy http-header"

Gilles.

That Tech note from Msoft is exactly what we did and it works ... However ... a Single Sign On app that links Sharepoint to OWA (passes Sharepoint login info to OWA) also has a shim DLL loaded and the two conflict, and it then forces the OWA to talk to the Sharepoint FE web servers with https instead of http as originally initiated.

Do IIS / OWA servers (forgive me; I'm not the IIS guy) understand that header insertion natively and return HTTPS refs, or is it a flag for a programmer to check and return the correctly formatted refs?

At the very least I will give it a try, as I have nothing to lose at this point.

-Kevin-

Kevin,

It should normally automatically tell the server to return https links instead of http.

Explanation at:

http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3FrontBack/578a8973-dc2f-4fff-83c6-39b1d771514c.mspx?mfr=true

Let me know if it works.

Gilles.

Yes, it does work!!! The HTTP returns fine ... But now there are two frames that execute "WEBDAV" that just sit there going Loading ... Loading ...

How do I pass Webdav through the SSL Module?

I was going to say the SSLM does not parse the content of data going through, but obviously we have to in order to insert the http header.

I did check the SSLM source code and the only HTTP methods supported are GET,POST,DELETE,OPTIONS,HEAD,PUT,TRACE.

So, there is no support of other methods required for WEBDAV.

Unfortunately I think we are in a dead end.

I have submitted your problem to the SSLM developers to see if they are planning [or add to the planning] to extend the list mentioned above.

FYI, the CSS SSL module does support webdav and has the same option to insert the http header.

If you have a CSM, you could also let the CSM insert the http header using a policy with a header map.

Gilles.

Thanks,

Gilles.
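An added example (not part of the thread, and not Cisco or Microsoft code): before putting a method-restricted SSL module in front of OWA, the back-end's IIS logs can show which requests use methods outside the supported list given above. This Python script assumes IIS W3C extended logging with the `cs-method` and `cs-uri-stem` fields enabled; the log lines are constructed sample data.

```python
from collections import Counter

# Methods the thread says the SSL module's HTTP parser supports.
SSLM_METHODS = {"GET", "POST", "DELETE", "OPTIONS", "HEAD", "PUT", "TRACE"}

# Constructed sample in IIS W3C extended log format (not from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem sc-status
2005-03-01 10:00:01 GET /exchange/ 200
2005-03-01 10:00:02 PROPFIND /exchange/user1/Inbox/ 207
2005-03-01 10:00:02 SEARCH /exchange/user1/Inbox/ 207
2005-03-01 10:00:03 POST /exchange/user1/Drafts/ 302
2005-03-01 10:00:04 PROPFIND /exchange/user1/Calendar/ 207
"""

def unsupported_methods(log_text, supported=SSLM_METHODS):
    """Count (method, uri) pairs whose method is not in `supported`."""
    fields = None
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("no #Fields directive before first log entry")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed or truncated entries
        row = dict(zip(fields, parts))
        method = row["cs-method"].upper()
        if method not in supported:
            hits[(method, row["cs-uri-stem"])] += 1
    return hits

def summarize(hits):
    """Collapse per-URI counts into a per-method total."""
    by_method = Counter()
    for (method, _uri), n in hits.items():
        by_method[method] += n
    return dict(by_method)

if __name__ == "__main__":
    for (method, uri), n in sorted(unsupported_methods(SAMPLE_LOG).items()):
        print(f"{n:4d}  {method:10s} {uri}")
```

Any method it reports is one that a front end limited to the list above would not handle, which matches the frames stuck on "Loading ..." described in the thread.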
