RE: NTLM authentication from DMZ

["Peter Robinson" <peter () securegateway org>]

Tobias

You will also need mod_ip_forwarding(Available in the apache contribs) and
mod_securid from http://www.deny-all.com/mod_securid/

mod_ip_forwarding will allow the webserver to see the original address of
the requesting system not the proxy address
This is usefull for logging on the Webserver

I would suggest Apachetoolbox from http://www.apachetoolbox.com/ and then
patch the mod_securid your self.

Hope this helps

Peter Robinson

Intellectis technopithicus dorkeae
securegateway.org
Email:peter () securegateway org
Web: www.securegateway.org



-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Reckhard,
Tobias
Sent: Monday, 23 September 2002 6:20 PM
To: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] NTLM authentication from DMZ


Mikael Olsson wrote:
> My first recommendation would probably be: stick something in front
> of the OWA box that does SSL and authentication. If someone gets to
> the OWA box, it's more or less game over; if nothing else because
> of all the sensitive stuff that is usually available in people's
> inboxes, public folders, etc etc.

Heh, that's exactly what I'm about to have to implement here. I'm planning
to use Apache+mod_proxy+mod_ssl and RSA SecurID in front of an OWA server.
Does anyone by chance have any pointers to hints on how to set up such a
baby?

TIA
Tobias
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards