Cookie/Session Expired - OWA SSL Reverse Proxy

spacecwoboy nginx-forum at
Fri Aug 16 13:43:18 UTC 2013

Jonathan Matthews Wrote:
> On 14 August 2013 18:20, spacecwoboy <nginx-forum at> wrote:
> > Hi.
> >
> > Trying to configure a reverse proxy to allow external access to an
> outlook
> > web access server. I am able to route traffic through the NGINX to
> the OWA
> > server, present the web page, and place the username & pw into the
> form.
> > OWA rejects valid username/pwd's with a: "Your session has timed
> out...."
> > error.
> >
> > Looking through my custom log files, somehow the session ID and the
> expired
> > values are munged in the GET & POST process through the proxy. 
> There may be
> > a simple fix that I'm not able to find.  Any suggestions will be
> > appreciated!
> I have a vague recollection that OWA uses a nasty form of
> authentication which *requires* that each client's end-to-end
> connection to the backend be long-lived, and only used by that one
> client (as the auth is done in the first few packets and not
> repeated). I don't know how you'd configure that in nginx.
> I may be wrong about it, however. I've never tried Nginx in front of
> OWA myself. This question comes up on the HAProxy list sometimes, and
> it seems solvable by HAP users.
> Jonathan

Much Appreciated Jonathan - it prompted me to take some different testing

I pointed ngnix to a 'test' OWA back-end, which is a mirror of the prod
environment, less the rigid SSL certs.  Authentication passed right on
through, everything was jive.

I'll likely take a different route of trunking SSL to nginx, remove the OWA
cert, then ipsec'ing the nginx server to the OWA server host-to-host.

Seems that's the fairly common approach?

( This thread helped btw:,234641,234654#msg-234654 )

Posted at Nginx Forum:,241856,241939#msg-241939

More information about the nginx mailing list