Recently I was faced with a challenge. We needed to get our OWA/OMA sites out of the DMZ so we could stop Internet traffic from directly connecting to our Exchange server. The world seemed to give us two options: ISA firewall (which is upwards of $1000 plus hardware) or a reverse proxy.

I wasn’t a big fan of buying the Microsoft Firewall, the Windows Server license and the hardware, and there were plenty of reverse proxy appliances available, but this is only a temporary solution until we upgrade to 2010, so I didn’t want to drop change on those solutions either. I decided I would create a virtual instance of Ubuntu Server and install Apache with mod_proxy for the price of free.

I’m not going to go through all the steps, but this snippet here is probably the most important part. Drop that into your /etc/apache2/sites-enabled/000default file with your tweaks and it’ll be a great start.

Luckily for us, our internal domain name and our external domain name were different, so there were no DNS issues. If your names are the same, you’ll probably have to do some host file tweaking.

My actual configuration file is far more complex than this starter file, as I had multiple interfaces to monitor. Please excuse any references in the config file to multiple interfaces.

I don’t claim to be a Linux expert, so there may be a more secure/efficient way to do this, but for me, this has worked great. The proxy uses almost zero resources and has yet to cause any problems after 3-4 months in production. 

Let me know how this works for you and if I can help in the comments.

Disclaimer: No promises that this solution will work for you. I take no responsibility for any changes you make to your configuration.

Click here to download:

000default.rtf (3 KB)

(download)

Click here to download:

000default.rtf (3 KB)