1

I am setting up Apache 2.2 as a reverse proxy. My need is to have certificate authentication for every reverse-proxied url except one (https://mailserver.com/Microsoft-Server-ActiveSync) that is used for mail sync with smartphones.

Here is how I configured proxy section of Apache:

ProxyRequests Off
SSLProxyEngine On
ProxyPass    /     https://internalserver/
ProxyPassReverse    /     https://internalserver/

<Proxy https://internalserver/Microsoft-Server-ActiveSync>
SSLVerifyClient none
</Proxy>


SSLVerifyClient require
SSLVerifyDepth 10

But with this configuration Apache requests for certificate for Microsoft-Server-ActiveSync, too...Is there a way to exclude that URL from certificate request?

J.B.
  • 315
  • 8
  • 23

1 Answers1

2

I made it following this guide found on the Internet: http://doc.nuxeo.com/display/ADMINDOC58/Configuring+a+Reverse+Proxy+to+Work+with+Live+Edit+and+Client+Certificate+Authentication

I had to use ProxyMatch directive and a bit of struggle with regexp:

ProxyRequests Off
SSLProxyEngine On
ProxyPass / https://internalserver/
ProxyPassReverse / https://internalserver/
SSLCACertificateFile /etc/pki/tls/certs/localhost.crt
SSLOptions +stdEnvVars

#Certificate access for all URLs except ActiveSync
<ProxyMatch ^(https\:\/\/internalserver\/(?!(Microsoft-Server-ActiveSync)))>
  SSLRequireSSL
  SSLVerifyClient require
  SSLVerifyDepth 10
</ProxyMatch>
J.B.
  • 315
  • 8
  • 23