Issue:
Session Authentication plus + Overhead session authentication override rule for HCL Traveler access is not working correctly. The session authentication is getting overridden back to Basic Auth.
If using HCL Traveler on a separate Domino server, this can be mitigated by disabling TOTP on that default/traveler.mindwatering.net domain. However, it still may not pass a security audit.
Workaround:
If both Verse and Traveler are on a single Domino server, using HA Proxy or Apache as a reverse proxy can preserve the original (main default web site - e.g. domsvr.mindwatering.net) while still providing host change for traveler.
Example Apache config:
1. Update the configuration for the reverse proxy:
$ sudo vi /etc/apache2/sites-enabled/domsvr-mw-net.conf
...
# proxy - preserve original host
ProxyPreserveHost On
ProxyPass / http://domsvr.mindwatering.net/ timeout=600
ProxyPassReverse / http://domsvr.mindwatering.net/
# proxy force domain redirect for /traveler to traveler.mydomain.com
<LocationMatch "^(/servlet/traveler|/traveler.*|/Microsoft-Server-ActiveSync.*)$">
Require all granted
RequestHeader set Host traveler.mindwatering.net
</LocationMatch>
...
<esc>:wq (to save)
2. Test for a syntax error:
$ sudo apache2ctl configtest
3. Reload/restart the Apache service:
$ sudo systemctl restart apache2
<wait a moment>
4. Verify:
$ sudo systemctl status apache2
<view output that service enabled and running>
previous page
|