Apache Reverse Proxy server and SSL NTLM SharePoint


NTLM was not designed to work through proxies (or in your case: reverse proxies).

As with a single proxy, inserting a reverse proxy will cause NTLM authentication between the client browser and the Web server to cease functioning.

(see http://support.microsoft.com/kb/198116/en-us)

However, there are workarounds:

  • In your case (where SSL is used) the module mod_proxy_connect might provide a solution, since it doesn't seem to terminate the HTTP session on the reverse proxy.
  • I know that recent versions of Squid use a feature called "connection-pinning" to proxy NTLM. I'm not sure if Apache has a similar feature. You could just use Squid instead of Apache...
  • You might also want to consider changing some of the default values in Firefox to make NTLM work (see about:config -> apply filter "NTLM").
  • Apart from that, changing the authentication from NTLM to BASIC will probably solve all your problems. Since you are using SSL you won't even have to worry about someone sniffing your passwords while using Basic_Auth.
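
To see where the handshake breaks, the NTLM tokens in the `Authorization` and `WWW-Authenticate` headers logged at the proxy can be classified by message type. This is an added example, not part of the original answer; the function names and the sample exchange are constructed for illustration. It relies on NTLM over HTTP authenticating the connection rather than each request, so a 401 that follows the Type 3 message points to handshake state being lost between proxy and backend.

```python
import base64
import struct

NTLM_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_message_type(header_value):
    """Return 1, 2 or 3 for an NTLM token, 0 for a bare 'NTLM' offer,
    None if the header value is not NTLM or the token is malformed."""
    parts = header_value.strip().split(None, 1)
    if not parts or parts[0].upper() != "NTLM":
        return None
    if len(parts) == 1:
        return 0
    try:
        raw = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    # Every NTLM message starts with "NTLMSSP\0" and a little-endian type.
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    return msg_type if msg_type in NTLM_NAMES else None

def diagnose(exchange):
    """exchange: ordered (kind, status, header) tuples from one client
    connection; kind is 'req' or 'resp', status is None for requests."""
    sent_type3 = False
    for kind, status, header in exchange:
        mtype = ntlm_message_type(header) if header else None
        if kind == "req" and mtype == 3:
            sent_type3 = True
        elif kind == "resp" and sent_type3:
            if status == 401:
                return "looping: AUTHENTICATE answered with 401"
            return "ok: AUTHENTICATE accepted"
    return "incomplete: no AUTHENTICATE message seen"

def sample_token(mtype):
    """Constructed minimal token (signature + type + padding), not a capture."""
    body = b"NTLMSSP\x00" + struct.pack("<I", mtype) + b"\x00" * 8
    return "NTLM " + base64.b64encode(body).decode()

# Constructed exchange reproducing the repeated login prompt.
LOOPING = [("req", None, ""), ("resp", 401, "NTLM"),
           ("req", None, sample_token(1)), ("resp", 401, sample_token(2)),
           ("req", None, sample_token(3)), ("resp", 401, "NTLM")]

if __name__ == "__main__":
    print(diagnose(LOOPING))
```
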
Author by

jlanza

Updated on September 17, 2022

Comments

  • jlanza
    jlanza over 1 year

    I'm trying to set Apache as proxy server to an internal SharePoint server.

    I have previously configured Apache to run as a proxy server to export internal webpages and web applications.

    However, the SharePoint is using SSL and NTLM authentication, and this is new to me :(

    I have tried many options. The traffic seems to be forwarded, as I get the authentication popup window, but when I insert the user/pass, I get back to the same popup window.

    Has anybody configured Apache to do so?

    Here is a part of my httpd.conf:

    <VirtualHost *:443>
        ServerName repository.out.com
    
        SSLProxyEngine On
        RequestHeader set Front-End-Https "On"
    
        ProxyRequests Off
        ProxyPreserveHost On
        # Target ends in "/" to match the "/" path, so request paths are appended correctly
        ProxyPass / https://sharepoint.in.com/
        ProxyPassReverse / https://sharepoint.in.com/
    
        CacheDisable *
    
        SetEnv force-proxy-request-1.0 1 
        SetEnv proxy-nokeepalive 1
    
        ErrorLog logs/jlanza_log
        CustomLog logs/jlanza_log common
    </VirtualHost>
    
    • Philip
      Philip over 13 years
      You'll need the ntlm_auth module; I'm not familiar with it enough to provide instructions.
    • jlanza
      jlanza over 13 years
      I thought ntlm_auth was to enable NTLM authentication to Apache. What I want is to forward the authentication from the internal server to the client through the proxy.