Apache Reverse Proxy for Sharepoint Remembers Credentials

apache-2.2authenticationPROXYreverse-proxysharepoint

I'm facing a weird problem with my Apache reverse proxy setup for a Sharepoint server.
When I log into the Sharepoint via proxy and then someone else opens the Sharepoint via proxy, he is already logged in with my account. Do you have an idea what might be wrong?

This is the Apache config:

<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/apache2/ssl/sharepoint.pem

    ProxyPreserveHost Off
    ProxyRequests Off

    ProxyHTMLExtended On
    ProxyHTMLLogVerbose On
    LogLevel Debug
    ProxyHTMLURLMap https://sharepoint.portal.de/ /
    SetOutputFilter INFLATE;proxy-html;DEFLATE

    Header edit Location ^https(\:\/\/sharepoint.portal.de)(.*)$ https://192.168.120.19$2

    ProxyPass / https://sharepoint.portal.de:443/
    ProxyPassReverse / https://sharepoint.portal.de:443/
</VirtualHost>

Best Answer

Here is what I try for the 4 last hours:

The only reasonable explanation I can think of is that the sharepoint server has keepalive enabled and serveral apache clients are proxied through the same "keepalived" connexion between apache and sharepoint.

If this is the case the following 2 lines ( to be inserted in your vhost configuration ) showld solve the issue:

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

Alternatively you could also disable keepalives on the sharepoint server. Disabling / Enabling keepalive on apache should make no difference.

Edit: This will not work with NTLM Authentication because NTLM is connexion oriented and requires the keep-alive. Actually the question is already answered here: Setting up mod_proxy to pass http authentication to server

This SF post gives a working configuration, with keep-alive enabled.

Best Answer

Related Solutions

Tomcat cookies not working via the ProxyPass VirtualHost

SSL certificate proxy redirect to port mongrel rails app help

Related Topic