HTTP tunneling and reverse proxy server
We're currently using Windows Media Services (WMS) to stream
video on our website. There is an option WMS to use the HTTP
protocol and to specify the port you'd like to use. This has
allowed us to stream video through our external firewall, through
our reverse proxy server, and through our internal firewall to our
media server. I've been trying for two days now to get Flash Media
Server (FMS) to do the same thing. For some reason the HTTP
tunneling (RTMPT) protocol doesn't appear to be acting like the
HTTP protocol that WMS is using. Anyone have some tips on this
configuration. I've scoured web resources and documentation as best
I could. Any help would be greatly appreciated.
Thanks.
To give a better picture, here's a more complete description of set up and goals
Static IP hits external interface of ASA. ASA has a static nat rule to forward it to my DMZ server.
DMZ server is running IIS 8. Here are what some of the sites look like.
jira.xxxxx.com -> 10.1.10.21 (ubuntu server) | port 80
email.xxxxx.com - > 10.1.10.16 (domain joined server 2012) port 80, 443
media.xxxxx.com -> 10.1.10.14 (domain joined server 2012) port 80, 443
other stuff like this -> 10.1.10.x port 80 or others
All of the A records for those domain names point to the static which routes to the ASA and then is NAT'd to the DMZ server.
What do I need to do in IIS to have those sites get directed to the proper internal locations?
Thanks!!
Similar Messages
-
HTTP Filtering and Reverse Proxy + DMZ
Hello all, I'm consolidating a number of my services and securing up my network.
To give some context I have 1 static IP, several websites in the form of subdomain.domain.com where domain.com is the same but there are numerous subdomains which reside on different servers. Until recently we were just using port forwarding, etc. to access
these remotely (subdomain.domain.com:9090, subdomain2.domain.com:9091) etc. but I would like to clean this up.
We have a 5505 ASA which our static IP is natted to. That has a static route to an IIS server in the 'DMZ' portion of our network. I would like to find a way to have this server see 'subdomain1.domain.com' and send it to the server hosting that service, and
so on for the other services.
I think I want to use Reverse-Proxy but I have never delved in to IIS 8 before and the extent of my reverse proxy experience was using nginx to host several web services for a friend.
If I could get any advice on 1) how to filter the url requests and direct them to the right server (some are non-windows servers) and 2) how to do this securely from the DMZ to the internal lan?
Thanks SO much for any help!To give a better picture, here's a more complete description of set up and goals
Static IP hits external interface of ASA. ASA has a static nat rule to forward it to my DMZ server.
DMZ server is running IIS 8. Here are what some of the sites look like.
jira.xxxxx.com -> 10.1.10.21 (ubuntu server) | port 80
email.xxxxx.com - > 10.1.10.16 (domain joined server 2012) port 80, 443
media.xxxxx.com -> 10.1.10.14 (domain joined server 2012) port 80, 443
other stuff like this -> 10.1.10.x port 80 or others
All of the A records for those domain names point to the static which routes to the ASA and then is NAT'd to the DMZ server.
What do I need to do in IIS to have those sites get directed to the proper internal locations?
Thanks!! -
Does the plugin-in still not work with HTTPS and a proxy server?
From plug-in docs -
"Java Plug-in supports http, ftp, gopher and SOCKS v4 protocols through the proxy server. Currently, Java Plug-in does not support https (SSL). "Hello
I am making HTTPS calls from within my applet code and this works fine using the basic Java Plug-in support for HTTPS.
This means my code basically does:
URL url = new URL("https://myhost.com/servlet/Test");
URLConnection conn = url.openConnection();
etc..
We are using Java 1.4.2. I've read in the "How HTTPS Works in Java Plug-in" for 1.3, that the plugin uses the browsers API for making HTTPS connections. Is this still the case for 1.4?
My basic problem is that it all works fine if the browser is NOT configured to use a proxy server. If a proxy server is configured we get the following Exception in the client:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Bad Request ( The data is invalid. )"
I have read that "Sun's Java Secure Socket Extension (JSSE) library allows you to access a secure Web server from behind a firewall via proxy tunnelling. However, JSSE expects the proxy's reply to the tunnelling request to begin with "HTTP 1.0"; otherwise, it throws an IOException" (http://www.javaworld.com/javatips/jw-javatip111_p.html)
The article talks about using the JSSE library but it seems to be assuming the client is an application not an applet.
How do I use JSSE from within an applet if all the proxy information I seem to need to set in the JSSE code is held by the browser?
Will JSSE support proxies returning responses beginning HTTP 1.1 in the future?
Any help on this would be greatly appreciated.
Many thanks
mark -
HTTP Tunneling and Load Balancing with Weblogic Server 6.1
We use T3 for Java client to application server communication (Weblogic Server
6.1) and keep the session open for the life of the client. We many customers
using this with load balancers and all works fine. We have just started to use
BEA's HTTP tunneling and I have a question concerning how this will work with
load balancers. Since the single T3 connection has been replaced with a series
of stateless HTTP connections, does the BEA tunneling code put session information
in the HTTP header? If so, what information does it place in the header. If
it does we should be able to use that to make sure that the load balancer always
sends HTTP requests with that session to the same application server.
Thanks!
RickRick,
You may want to look at the Alteon and F5 configuration we have on edocs.
Take a look at the following URLs for a possible solution
http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
Chuck Nelson
DRE
BEA Technical Support -
I set up a reverse proxy server but the DOJO and auto complete dont work
I set up a reverse proxy server but the DOJO and auto completer don't work . Am I missing a configuration on the proxy server ?
Well it would help if you can provide some more details on your configuration/setup.
-
Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
to Public URL = "proxy URL".
In Host Named Site Collections, alternate access mappings are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
URL is associated. This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
point HNSC to respond to a different URL(proxy URL). Consequently, Share Point URLs are exposed to external users.
Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If hiding the internal Share Point URLS is a requirement,
it suggests to use a web application instead of host named site collections.
Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
Excerpt from above article-
"Host Named Site Collections Only Use One Host Name
Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
are always considered to be in the Default zone. This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
calls to the same URL. If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>Hi Satish,
You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
It is by design that each host-name site collection only support one URL for each zone.
The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
https://support.microsoft.com/en-us/kb/2826457
So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
Best regards.
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Configuring Oracle Portal to Work with a Reverse Proxy Server
Hi,
I have an Oracle Portal 11g instance that works fine but I need to put behind a reverse proxy server.
I follow the instructions of chapter 6.6 of this link http://download.oracle.com/docs/cd/E15523_01/portal.1111/e10239/cg_advnc.htm#i1051122 with any problem, but when I tried to access to the portal/pls/portal page I get the following error:~
(WWC-00000)
;i=pls%2Forasso%2Forasso.wwsso_app_admin.fapp_process_login%3Fp_app_id%3D; Accept=text/html Accept-Charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7 User-Agent=Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 Oracle HTTPClient Version 10h X-Oracle-Device.Class=pcbrowser X-Oracle-Device.Name=HTML40 X-Oracle-Device.Orientation=landscape X-Oracle-Device.MaxDocSize=0 X-Oracle-Device.Secure=false PROVIDER=90163575;i=2;n=PORTAL%20CONTENT%20AREA;o=0;R=0; PROVIDER=641081930;i=2;n=DESIGN_TIME_PG;o=0;R=0; PORTLET=6,2237;v=641081930;b=2214;t=700;T=;D=Portal%20Builder%20banner;]=2;A=521_2214_641081930;p=6_2237_6_1_1;i=0;Y=0;e=0;d=0;h=0;a=0;^=0;R=0;c=0;C=0;Z=0;I=5;q=http://hostname:7777/portal/page/portal?_mode=10&_cpage_id=1&_csite_id=6&_cstyle_id=1&_cstyle_site_id=6&_ccalledfrom=1&_cmode=3&_ctabstring=Welcome&_cdisplay_name=Portal%20Builder;V=0; PORTLET=606;v=90163575;b=20;t=15;T=;D=Welcome;]=3;A=606_tabset_90163575;p=606_tabset_90163575;i=0;Y=0;e=1;d=1;h=1;a=1;^=1;R=0;c=0;C=0;Z=0;V=11;n=_ts.rid;t=constant;v=606; n=_ts.tid;t=constant;v=13; n=_ts.pid;t=constant;v=1; n=_ts.sid;t=constant;v=6; n=_ts.tp;t=constant;v=; n=_ts.ts;t=constant;v=Welcome; n=_ts.stid;t=constant;v=1; n=_ts.ssid;t=constant;v=6; n=_ts.m;t=constant;v=3; n=_ts.pr;t=constant;v=; n=_ts.sc;t=constant;v=; TEMPLATE=1;c=text/html;
#portal-rewrite?a=2;i=6,2237/portal-rewrite#
#portal-rewrite?a=2;i=606/portal-rewrite#
Could anyone help me solving this problem.
This is a very critical situation.
Thanks,
Regards,
rjcThe solution for this problema was put the proxy server name and IP in the database hosts.
In Oracle portal it's essencial that database could resolve the name of all componentes, like portal mid-tier, web cache, sso, proxy server, etc.
Regards,
rjc -
Using WLS 8.1 as a Reverse Proxy Server as well as using SSL
Hi,
We have WebLogic server 8.1 installed and set-up as a Reverse Proxy Server. We would like it to serve pages over a secure internet connection (one way).
I have imported the SSL certificate which I received from Thawte. I have also configured the identity and Trust keystores for the server.
However, I am still unable to access the server over a secure connection.
I have logged into WebLogic Console and unticked Listen Port Enabled Port: 80; and ticked SSL Port Enabled and changed it to listen on Port:80? However, all this will mean is all our url's will need to preceded by 'https' I would prefer us to be able to still use 'http' which when requested redirects to 'https'
Not having been on any WebLogic courses, I am new to this and would appreciate any help or step by step guides people have.
Many Thanks,
KarlHi Raphael Chasse,
The LoadBalancer plugin can be used as a reverse proxy.
you could configure the loadbalancer.xml as below, where requests for app1 get redirected to server1 and app2 to server2.
<loadbalancer>
<cluster name="cluster1">
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://server1 name="i1"/>
<web-module context-root="/app1" disable-timeout-in-minutes="30" enabled="true"/>
<health-checker interval-in-seconds="1" timeout-in-seconds="60" url="/"/>
</cluster>
<cluster name="cluster2">
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://server2 name="i2"/>
<web-module context-root="/app2" disable-timeout-in-minutes="30" enabled="true"/>
<health-checker interval-in-seconds="1" timeout-in-seconds="60" url="/"/>
</cluster>
</loadbalancer>
This link talks more about the loadbalancer.xml file format http://docs.sun.com/source/817-5445/aglbdtd.html.
cheers
Vishwas -
How to setup CSS as reverse proxy server without cache server
Hi, question regarding CSS capabilities.
Is there a way to setup CSS (11000 series or 11500) to act as a reverse proxy server without caching server in place? Or is it possible for CSS to cache contents on its own?
And what is disk space on CSS used for?
Thank you.Thank you for clarification on disk usage on CSS. I have gone through sample config for reverse proxy caching
http://www.cisco.com/warp/customer/117/CSS_CEreverseproxy.html
Does this mean only way to have CSS to do reverse proxying is to have cache engine in conjunction with CSS?
Thank you again in advance. -
SAP reverse Proxy Server Configuration
Hi All,
We wanted to configure reverse proxy in our landscape, I will explain how we have through of implementing it.
The request over the internet will be recieved by Our EP Server AAA which will act as a reverse proxy server and the request will be mapped to the Production EP server BBB which will serve the request.
I have found few links on the internet explaining the concept of DMZ but still I dont have much clear Idea about this.
If anyone can share any relevant link on, how this can be implemented will be really great.
Thanks,
Sharib TasneemHi Sharib
Check the link below , may be useful
http://help.sap.com/saphelp_nwce10/helpdata/en/d8/00413549394a85b28bae68b715e6cb/content.htm
833960 - supported Application Gateway Configurations
1577357 - How To Change the URL Used to Access the Portal on NetWeaver 7.30
Regards
Pyari -
Give me description about JAVA Proxy Runtime and JAVA Proxy Server
Give me description about JAVA Proxy Runtime and JAVA Proxy Server with some examples.
Hi,
Java proxy runtime :
Using the Java proxy runtime you can receive messages or send messages to the Integration Server.
This will help you
http://help.sap.com/saphelp_nw04/helpdata/en/64/7e5e3c754e476ee10000000a11405a/frameset.htm
Java proxy server :
The connection to the Integration Server by using the Java proxy runtime.
This will help you
http://help.sap.com/saphelp_nw04/helpdata/en/87/5305adc23540b8ac7bce08dbe96bd5/frameset.htm
Regards
Agasthuri Doss -
Reverse proxy server on top of load balancer
Hi ,
I have seen some customers with setup including Reverse Proxy Server on top of Load balancer with SSL accelerator configured with oracle apps 11i , my query is what is the use of configuring Reverse proxy server on top of Load balancer as load balancer can act as reverse proxy.
Thanks,
PuneethHi;
Pelase see Steven Chan blog entery
In-Depth: Load-Balancing E-Business Suite Environments
http://blogs.oracle.com/stevenChan/2006/06/indepth_loadbalancing_ebusines.html
Also see:
11i Forms LoadBalancing question
Load Balancing for EBS R12
Check notes, i belive those are should gives u some answer
Regard
Helios -
Reverse proxy server CMS certificate verification
Hi,
Is there a way to instruct the reverse proxy server (3.6 SP7) not to verify the CMS server certificate?
What we are trying to do is, setup a test CMS server with self signed certs installed on it, but don't want to install the CA cert for the same (above self signed cert) on the reverse proxy server.
thnx,
AlokSorry, but it's not very clear.
The CA cert for the self signed cert ??? -
DNS Resolution - Reverse Proxy Server
Hi,
I am deploying Reverse Proxy Server using ARR for publishing Lync 2013. I have added following servers in server farms:-
1. dialin.domain.com
2. meet.domain.com
3. lyncdiscover.domain.com
4. lyncweb.domain.com
5. wacsrv.domain.com (office web apps server)
I am confused over the following:-
1. My internal domain is .local, i.e. my front end server is fes.domain.local. In this case, how my reverse proxy server will resolve my internal server names? do I need to add static mapping using host file?
2. Will dialin, meet, lyncdiscover, lyncweb point to Front End Server?Yes, you will use a host file or DNS zone on the internal DNS server (split DNS) to resolve the IP of the Front End from your IIS ARR box.
You will point dialin, meet, lyncdiscover to the front end server.
On the Front End server in topology builder override the External FQDN on the Lync Web Services to use the external name. (most likely lyncweb.domain.com or whatever you choose)
If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
Georg Thomas | Lync MVP
Blog www.lynced.com.au | Twitter
@georgathomas
Lync Edge Port Check (Beta) -
Trasnparent proxy and reverse proxy at the same time
Can I have in a Content Engine v 4.2 transparent proxy and reverse proxy at the same time ?
Yes, as long as you are not redirecting the two services on the same interface. One service takes precedence over the other and I believe transparent web-cache redirect takes precedence over reverse-proxy.
Maybe you are looking for
-
I purchased this Ipod two years ago. I was using it in a docking station and got along quite well. Now I cnnot use it withou running a cord from the ipod to the station. Anyone help me?
-
Dear All, Could you please explain me the Digital Signature Configuration steps for Document Systems for Solar02 ? Could you please share me the documents regarding this? Regards, Krishnan Kumar.K SolMan Consultant +91-9036197602
-
How can i execute that sub menu through Acrobat javascript
Hi, I want to open multiple .pdf files in Acrobat Professional 9 enable the menu item which is in Advanced -> Extend Features in Adobe reader. "Extend Features in Adobe reader." is a sub menu in "Advance" menu item. How can i execute that sub menu t
-
may i know what is SAP BATCH PROCESS in BW, thank you.
-
I just downloasded the new Firefox and then went to pay some bills online. Although I see that the URL in the address still has an https at the beginning, I miss the the locked padlock in the corner that helped assure me I was more secure.