Reverse proxy + double auth

Hi there,

I asked you a question about accents a few days ago and it really helped me.
Thanx again. Now, I have another problem. I want the user to have a double
auth before reading his emails as I don' t want everyone to get webmail from
the internet.
- First auth is apache basic or digest (preferably)
- Second auth is the OWA auth.

The problem is I have apache auth (OK), then OWA auth (OK) and then apache
auth again and it doesn't validate my login/passwd ("Error: Access is
Denied"). Where did I go wrong?

ProxyRequests Off
ProxyPreserveHost On
<VirtualHost 10.1.1.1:443>
SSLEngine on
SSLProxyEngine on
SSLProtocol +all
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key
ServerName webmail:443
<Location "/exchange">
ProxyPass https://webmail/exchange
ProxyPassReverse https://webmail/exchange
AuthType basic
AuthName "private"
Authuserfile c:\pwd
Require valid-user
</Location>
<Location "/exchweb">
ProxyPass https://webmail/exchweb
ProxyPassReverse https://webmail/exchweb
</Location>
</VirtualHost>

--
Choowie

choowie wrote:
> Hi there,
>
> I asked you a question about accents a few days ago and it really
> helped me. Thanx again. Now, I have another problem. I want the user
> to have a double auth before reading his emails as I don' t want
> everyone to get webmail from the internet.
> - First auth is apache basic or digest (preferably)
> - Second auth is the OWA auth.
>
> The problem is I have apache auth (OK), then OWA auth (OK) and then
> apache auth again and it doesn't validate my login/passwd ("Error:
> Access is Denied"). Where did I go wrong?

Ok, found it. The idea is to use X509 certificates. It is more convenient
and can be more secure. Indeed, when installing the X509 on the browser,
just do not tick "make this key as exportable". This way you can be sure
that the certificate won't be exported on a PC that you do not trust.

Suits me fine.

--
Choowie