Hi @all,
i need some help with the following situation: we use nginx as reverse
proxy
for microsoft exchange owa / active sync
All working so far but since yesterday we have a new firewall (Palo
Alto)
which supports “User-ID”, meaning that the remote IP is connect to the
domain\username. That means that all non-microsoft devices (Apple,
Linux)
can also use user-based policies in the firewall.
Now the problem is, that the username, which is accessing exchange, is
bound
to the proxy ip and not to the client ip.
There exits an Palo Alto API which supports manual mapping via the API.
Now
my idea was to use the parameters $remote_addr and $remote_user to get
this
running but i have no idea how to call the api.
An example looks like this:
https:///api/?type=user-id&key=&action=set&vsys=vsys1&cmd=1.0update
“pan\sam1” has to be replaced by $remote_user and ip by $remote_addr,
right?
But which is the right place in the config to start the api call? My
config
looks similiar like this: Nginx in front of Exchange 2010 / Activesync
Thanks a lot in advance,
Uwe
Posted at Nginx Forum: