Reverse Proxy question

Similar Messages

• Lync 2013 edge-no reverse proxy question

  I deployed lync 2013 edge server and no reverse proxy yet.I am trying to connect from my windows 7 machine with no luck and I can see a top reset on the firewall,my question is is reverse proxy required for the normal client to connect and do basic IM?
  Plz confirm.thx

  *****Update**********
  now when i am trying to test connevity using microsoft connecvitry analyer i am getting error realted to the external certifictare stating that " certificate couldn't be validated because SSL negotiation
  wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation." with UC troubleshotter i am getting the same.any idea?
  PS certificate is from Digi
  cert and i have checked the installation with thier tool and all was green
  regards
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with
  the certificate installation.

• ACE Reverse Proxy question

  Hello, I have a client that needs to reverse proxy sessions to two backend servers. Can the ACE preform reverse proxies?

  Gregg,
  you need to create an action-list and assign it to your policy-map
  switch/Admin(config)# action-list type optimization http avs_default
  switch/Admin(config-actlist-optm)# ?
  Configure optimization actions:
  appscope Appscope measurement against optimization
  cache Cache optimization
  delta Delta optimization
  do EXEC command
  dynamic Enable just-in-time object accelaration
  end Exit from configure mode
  exit Exit from this submode
  flashforward Flashforward optimization
  flashforward-object Flashforward object optimization
  no Negate a command or set its defaults
  You will probably want to use cache forward or cache dynamic.
  More info at
  http://www.cisco.com/en/US/docs/net_mgmt/application_networking_manager/2.0/user/guide/UG_optimization.html
  Gilles.

• Reverse proxy + SSL question

  Hi everyone.
  I try to setup a proxy for my organization (I downloaded the latest 4.0.x version of Sun Web Proxy Server). The idea is that, through it we need to offer acces to a part of our intranet.
  There is a public (internet) address available (with SSL activated, it's an Apache server).
  The idea is :
  - normal extranet : https://foo.bar.com
  - reverse proxy : https://foo.bar.com:4443/path/inside/intranet (which would be, for the proxy https://intranet.foo.bar.com/path/inside/intranet).
  Do you have any advice on how I should do that ? I tried to import the apache certificate inside the proxy, but it won't work. Is there something I'm missing ?
  Thanks in advance for your answers.
  Edited by: TiamatB5 on Dec 8, 2008 7:42 AM

  Alright, I found the solution :
  - apache is used as a front reverse proxy, accepting SSL requests
  - a specific url is used like : https://extranet.foo.bar/intranet that does the reverse proxy to http://extranet.foo.bar:8888 (on the same server as apache)
  - Sun Proxy Web server is used to do the real reverse proxying of http://extranet.foo.bar:8888 to http://intranet.foo.bar
  - the content rewriting is used to rewrite internal url to https ones like : http://intranet.foo.bar/foo/bar is rewritten to https://extranet.foo.bar/intranet/foo/bar
  After testing it works like a charm. No need to request a specific certificate for the Sun Proxy, and it's exactly what's been asked to me, that is : the client mustn't see the internal redirection. With this, they don't see that there is a proxy and they don't see the http://extranet.foo.bar:8888 part. It seems a bit complicated, but at least it works ;)
  Edited by: TiamatB5 on Dec 9, 2008 12:50 AM

• Question on Apache as reverse proxy

  Hi, all.
  We are currently using Apache 2.2.10 as the reverse proxy for the EP 7.3.1. All of the apps are webdynpro for Abap based in ECC.
  In 2 of the WDA apps, we get intermittent blue circle of death. The user action can be totally random in the apps when they hit the problem. So far, we are not able to reproduce it. When the spinning circle happens, SM04 and SM50 in ECC show no activity from that user. There is nothing from SM21, ST05(abap and sql trace) or the dev_* trace files. I don't think SAP is running anything for that user when that happens. Ultimately, the user will get a "bad request" or HTTP 400 from the Apache server.
  Here is what I see from the apache access log and error log:
  [31/Jul/2014:23:50:26 -0400] TLSv1 AES128-SHA "POST /sap/bc/webdynpro/sap/ZR_SSEPP_OPERATIONAL_SCHEDULE;sap-ext-sid=VcFRQjFOvu8TJYp9gDoeAA--4x1GQAg0MPPjCUEQif5iWQ--?sap-contextid=SID%3aANON%3asapprd_PR3_03%3aezUnW-FXtaYVyXREaAD7rxW0k8o5pk_n9RfjPfcB-NEW HTTP/1.1" 400 3004 "https://xxxxx/sap/bc/webdynpro/sap/ZR_SSEPP_OPERATIONAL_SCHEDULE;sap-ext-sid=VcFRQjFOvu8TJYp9gDoeAA--4x1GQAg0MPPjCUEQif5iWQ--" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" 706345611
  [Fri Aug 01 14:19:07 2014] [error] [client 10.4.53.198] (70014)End of file found: proxy: error reading status line from remote server xxxxxx, referer: https://xxxxx/sap/bc/webdynpro/sap/ZR_SSEPP_OPERATIONAL_SCHEDULE;sap-ext-sid=RaH2yjQlV6o7wVaj6wv6zA--LXTMFzjjKvcuwT*DXWoBmA--
  Have you seen this error before? If you are using apache as the reverse proxy, would you mind to share the parameters you have?
  Thanks,
  Jonathan.

  Hi, Lawrence.
  The reason I am posting is because we couldn't isolate the source of the problem. I know that the Apache server is 7 years old. But the apache team is only thinking of updating it to 2.2.27 until later this year, nevermind the version 2.4. Chances are there will be delays as the apache is shared by a lot of other non-sap apps.
  Would you be able to share your troubleshooting experience? How do you pinpoint that this is an Apache issue? Right now the Apache team is saying that this is an SAP issue. But since we cannot reproduce the problem and we are not allowed to take Apache out temporarily or selectively(as per Corporate policy), everything is possible.
  Thanks,
  Jonathan.

• IIS Reverse Proxy with URL rewrite.

  Hi all, hoping to leverage the wealth of knowledge contained here.
  Any assistance would be very welcome.
  I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
  I need to redirect all requests with a specific virtual directory suffix only.
  ie; https://domain.test.com/outbound/Content/query_etc
  With /Outbound/ being the trigger.
  This should be redirected to http://10.10.10.10/inbound/Content/query_etc
  While at the same time, requests without the /outbound/ suffix should be handled locally.
  I have configured the reverse proxy as described in a few articles, and have had no luck.
  Here's a snippet from my (sanitized) web.config at the site level.
  <rewrite>
  <outboundRules>
  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
  <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
  <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
  </rule>
  <preConditions>
  <preCondition name="ResponseIsHtml1">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
  </preCondition>
  </preConditions>
  </outboundRules>
  <rules>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="^outbound/(.*)" />
  <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
  </rule>
  </rules>
  </rewrite>
  To me, this looks correct, yet it doesn't work.
  With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

  Hi Andrew,
  Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
  By using URL Rewrite Module together with
  Application Request Routing module you can have IIS 7 act as a
  reverse proxy.
  It seems like URL Rewrite can't re-route the request somewhere else out of the server.
  Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
  Hosting multiple domain names under a single account using URL Rewrite.
  It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
  References:
  How to create a url alias using IIS URL Rewrite:
  http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
  Reverse Proxy with URL Rewrite v2 and Application Request Routing:
  http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• How to change Script path for Reserved.ReportViewerWebControl.axd when working behind reverse proxy?

  Hi,
  My application works behind a reverse proxy which has polices for secure and unsecure areas of the application. Architecture and Infra team is not willing to allow any root level policies in any case
  When report viewer control is rendered on the page, it is adding a reference to the http handler Reserved.ReportViewerWebControl.axd in the script tag and the URL is at the root level. Unfortunately like other AjaxControlToolkit web resources I cannot modify
  the URL to refer to the local script using ScriptManager.
  Do we have any other property / means by which I can get this altered.
  It is so unfortunate that the Microsoft.ReportViewer.WebForms assembly resources like scripts etc are not exposed as webresource at the assembly level and there is no way to modify this.
  Does anyone has any solution to this?
  Appreciate your help
  Thanks in advance
  Badal

  Hi Badal,
  Thank you for your question.
  I am trying to involve someone more familiar with this topic for a further look at this issue. Sometime delay might be expected from the job transferring. Your patience is greatly appreciated.
  Thank you for your understanding and support.
  Thanks,
  Alisa Tang
  If you have any feedback on our support, please click
  here.
  Alisa Tang
  TechNet Community Support

• BizTalk published WCF service throwing HTTP 404 error using ISA reverse proxy settings

  I have published my schemas as a WCF service from BizTalk 2010 "Publish WCF Service" wizard. I used Wcf-basicHTTP adapter in receive port. I am able to run the service successfully on localhost IIS and I tested my biztalk solution by sending request using SOAP UI and got response successfully.... Now: Actually, I need to give this service endpoint to my vendor who will send request from outside my company's network i.e. internet. In my infrastrucrue BizTalk is behind the firewall so, we setup a REVERSE proxy server at DMZ layer and it is configured properly. I have tested a simple WCF service by replacing the localhost with Proxy server configured address <DNSName> and it worked absolutely fine. But when I change localhost in my BizTalk schema based published WCF service it is not working and I am getting following error. Really strugling to get it resolved. I wasted a whole 3 days....very upset. Please help me out by giving the detailed step solution. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested URL: /BizTalkServiceInstance/MyService.svc I am surprized why other c# code based WCF services are working fine with reverse proxy settings. Server Error in '/' Application. The resource cannot be found.Is there any special things to consider Biztalk exposed wcf servcie over ssl in IIS cluster with ISA

  Hi Singam :)
  First I would start by browsing any other files (files other than the one from WCF) just to ensure that the reverse-proxy’s redirection rules are set correctly. If you get the same 404 error when you try to access other service/files “through reverse-proxy”,
  then it’s an issue in the redirection rule(s) in reverse-proxy.
  If others are fine i.e. no issue in reverse-proxy setup as such, then try the following for WCF service's web.config file. I have seen this issue in WCF service (not just BizTalk’s artifacts exposed as service in reverse-proxy). Add serviceHostingEnvironment
  config as show with in serviceModel section.
  <system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  Regards,
  M.R.Ashwin Prabhu
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• What is the alternative to TMG/ISA For SSL-Bridging-Capable Reverse Proxy For System Center 2012 R2 IBCM?

  When I look up alternatives to TMG many other answers say something like "Don't worry about it. TMG 2010 is under support until 2020."
  Well, we don't have TMG and can't buy it since it is off the market.  Can it still be legitimately purchased through any resellers?
  We need a reverse proxy that specifically supports SSL-Bridging so that device certificate authentication is not broken when the connection passes through the proxy.
  Which reverse proxies that are currently on the market are known to work successfully with System Center Config Manager Internet-Based Client Management and also with other Microsoft products such as Lync 2010 and RD Gateway 2012 R2?
  Do any Cisco ASA or ACE models support the required functionality for machine certificate authentication?
  We have ISA 2006 licenses available, but I would hate to roll that out and then have to replace it in only 2 years rather than using something that can stay in place long term.  Maybe we could use ISA 2006 temporarily as a stopgap if the next version
  released of Windows Server Web Application Proxy would meet the requirements and can be deployed in production before ISA 2006 is completely EOL.
  I hate that Microsoft keeps discontinuing all the related products to this before they have their replacements ready.

  Hi,
  You are correct, all TMG product sales officially ended in December 2012.
  In addition, an ISA Server and a TS Gateway server can be used together to enhance security for remote connections to internal network resources. However, it
  seems that ISA 2006 cannot support that on Windows Server 2012 R2. For more detailed information:
  Configuring the TS Gateway ISA Server Scenario
  Personally, Web application proxy would be an alternate. In addition, for the question related to Cisco product, you can contact Cisco for assistance.
  Best regards,
  Susie

• Remote_user not passed in reverse proxy

  Hi Team,
  Our webserver is ARR enables.Trying to setup the reverse proxy but  using urlrewrite.Request reaches the backend server but the Request header Remote_user is empty.Any workaround to pass the value to the Backend server.
  Do i need to build a HTTP Module to set the remote_user variable?
  Thanks in advance.

  ASP.NET and IIS questions should be posted in the ASP.NET forums (http://forums.asp.net ).

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• Forward parameters in reverse proxy configuration

  Hi,
  Looking at the detailed configuration in a reverse proxy rule in SJSWS, I have derived the following conclusions:
  1) Where the SJSWS listener has SSL-enabled, reverse proxy works on a HTTPS in, HTTP out basis.
  2) Details in the incoming request's SSL header, such as User DN, will be stripped out and remapped into the outgoing request as a custom header, e.g. "Proxy-user-dn".
  Can anybody tell me if I have gotten anything wrong above?
  We are currently switching over from an Apache/mod_proxy/mod_ssl --> Apache/mod_jk --> Apache Tomcat server setup to a hybrid model where SJSWS is the web server reverse proxying to Tomcat (old apps) and SJSAS (new apps).
  My question:
  All our apps use the User DN string as the user ID. Previously, we developed a custom module in Apache to read the DN at the Apache level and then rewrite it into the Basic Auth user name header in the outgoing request. The Tomcat webapp will then authenticate the user based on the Basic Auth user name property. Is it possible for me to remap it into something similar here in the SJSWS reverse proxy configuration?
  Thanks!
  Wong

  I am not a reverse proxy expert, but this Object-type SAF should forward userdn
  http://docs.sun.com/app/docs/doc/820-1062/6ncoqnq3b?l=en&a=view&q=forward-user-dn
  You can look for more such SAFs in this document.

• Why do we use reverse proxy for Oracle RAC Cluster setup

  Hello All,
               I got this question lately.. "why do we use reverse proxy for Oracle RAC Cluster setup". I know we use the reverse proxy at Middleware level for multiple security reasons.
  Thanks..

  "why do we use reverse proxy for Oracle RAC Cluster setup".
  I wouldn't. I wouldn't use a proxy of any sort for the Cluster Interconnect for sure.
  Cheers,
  Brian

• Apache as Reverse Proxy for UWC and Webmail

  Hi,
  for several reasons i want to use apache 2 as reverse proxy and ssl accelerator for UWC.
  internet <-> apache/ssl <-> backend port 80
  I configured my apache with mod_proxy and mod_proxy_html.
  Here are the concerning config lines:
  LoadModule headers_module modules/mod_headers.so
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadFile    /usr/lib/libxml2.so
  LoadModule  proxy_html_module    modules/mod_proxy_html.so
  ProxyPass / http://backend.domain.com/
  ProxyPassReverse / http://backend.domain.com/
  <Location />
          ProxyPassReverse /
          SetOutputFilter proxy-html
          ProxyHTMLURLMap / /
          ProxyHTMLURLMap http://backend.domain.com:80/ http://webplex.domain.com/
          ProxyHTMLExtended On
          RequestHeader unset Accept-Encoding
  </Location>For Webmail this configuration works most of the time. There are some minor problems in ie with the folder view. But the real problem is: I can't get UWC to work. The problem seems to be that mod_proxy_html can't replace all of the occurences of backend.domain.com in the html pages.
  Especially:
  onsubmit="handleSubmit()" action="http://webplex.domain.com/amserver/UI/Login?goto=http://backend.domain.com:80/uwc/&gotoOnFail=http://backend.domain.com:80/uwc/?err=1&module=LDAP" method="POST">in the uwc login page.
  So my question is:
  Is anybody out there who got apache working as reverse proxy for uwc?
  Thanks a lot.
  PS1:Solaris 10 on V20z, JES2005Q4
  PS2: I already configured UWC with the reverse plugin for sun webserver on backend host so that uwc is working through port 80 only. So there should be no problems arise from that.

  Hopefully, you'll hear from somebody. I have zero knowledge or experience with Apache.

• Apache as reverse proxy - 400 Bad request

  Hi all,
  I'm configured apache as reverse proxy according to this blog:
  The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
  When I try to navigate http://testcomp/irj I get "400 - Bad request"
  See exception;
  <i>Message : User Guest, IP address
  Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
  Accept-Language: en,he;q=0.5
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
  Max-Forwards: 10
  Via: 1.1 localhost
  X-Forwarded-For: 10.0.0.4
  X-Forwarded-Host: 10.0.0.6
  X-Forwarded-Server: localhost
  Connection: Keep-Alive
  GET /irj HTTP/1.1
  Host: sapportal:50000
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
  Accept-Language: en,he;q=0.5
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
  Max-Forwards: 10
  Via: 1.1 localhost
  X-Forwarded-For: 10.0.0.4
  X-Forwarded-Host: 10.0.0.6
  X-Forwarded-Server: localhost
  Connection: Keep-Alive
  com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
       at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
       at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
       at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Severity : Error
  Category :
  Location : com.sap.engine.services.httpserver
  Application :
  Thread : SAPEngine_Application_Thread[impl:3]_32
  Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
  Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
  Source Name : com.sap.engine.services.httpserver
  Argument Objs :
  Arguments :
  Dsr Component :
  Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
  Dsr User :
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 0
  Relatives :
  Resource Bundlename :
  Session : 2
  Source : com.sap.engine.services.httpserver
  ThreadObject : SAPEngine_Application_Thread[impl:3]_32
  Transaction :
  User : Guest</i>
  The lines I added to http.conf
  <i>#Enable reverse-proxying
  ProxyVia on
  ProxyTimeout 600
  #disable forward-proxying
  ProxyRequests Off
  #proxy /irj both ways
  ProxyPass /irj http://sapportal:50000/irj
  ProxyPassReverse /irj http://testcomp/irj
  #proxy /logon both ways
  ProxyPass /logon http://sapportal:50000/logon
  ProxyPassReverse /logon http://testcomp/logon</i>
  I tried with apache version 2.2.3 & 2.0.59 with no success.
  My J2EE/Portal version is 6.17.
  Since this is a testing environment the two computers are under the same workgroup (no domain).
  If I naviagte directly to the portal (without the reverse proxy) everything is working.
  How can I solve it?
  Regards,
  Omri

  Hi Jakub,
  Thanks for the answer.
  It's not working for me...
  I'm attaching my httpd.conf file.
  Also, what apache version do you use?
  Can you send me your post your httpd.conf file?
  Thanks,
  Omri
  httpd.conf
  This is the main Apache HTTP server configuration file.  It contains the
  configuration directives that give the server its instructions.
  See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
  In particular, see
  <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
  for a discussion of each configuration directive.
  Do NOT simply read the instructions in here without understanding
  what they do.  They're here only as hints or reminders.  If you are unsure
  consult the online docs. You have been warned. 
  Configuration and logfile names: If the filenames you specify for many
  of the server's control files begin with "/" (or "drive:/" for Win32), the
  server will use that explicit path.  If the filenames do not begin
  with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
  with ServerRoot set to "c:/apache" will be interpreted by the
  server as "c:/apache/logs/foo.log".
  NOTE: Where filenames are specified, you must use forward slashes
  instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
  If a drive letter is omitted, the drive on which Apache.exe is located
  will be used by default.  It is recommended that you always supply
  an explicit drive letter in absolute paths, however, to avoid
  confusion.
  ThreadsPerChild: constant number of worker threads in the server process
  MaxRequestsPerChild: maximum  number of requests a server process serves
  ThreadsPerChild 250
  MaxRequestsPerChild  0
  ServerRoot: The top of the directory tree under which the server's
  configuration, error, and log files are kept.
  Do not add a slash at the end of the directory path.  If you point
  ServerRoot at a non-local disk, be sure to point the LockFile directive
  at a local disk.  If you wish to share the same ServerRoot for multiple
  httpd daemons, you will need to change at least LockFile and PidFile.
  ServerRoot "c:/apache"
  Listen: Allows you to bind Apache to specific IP addresses and/or
  ports, instead of the default. See also the <VirtualHost>
  directive.
  Change this to Listen on specific IP addresses as shown below to
  prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
  #Listen 12.34.56.78:80
  Listen 80
  Dynamic Shared Object (DSO) Support
  To be able to use the functionality of a module which was built as a DSO you
  have to place corresponding `LoadModule' lines at this location so the
  directives contained in it are actually available before they are used.
  Statically compiled modules (those listed by `httpd -l') do not need
  to be loaded here.
  Example:
  LoadModule foo_module modules/mod_foo.so
  LoadModule actions_module modules/mod_actions.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule asis_module modules/mod_asis.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  #LoadModule auth_digest_module modules/mod_auth_digest.so
  #LoadModule authn_anon_module modules/mod_authn_anon.so
  #LoadModule authn_dbm_module modules/mod_authn_dbm.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authn_file_module modules/mod_authn_file.so
  #LoadModule authz_dbm_module modules/mod_authz_dbm.so
  LoadModule authz_default_module modules/mod_authz_default.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule autoindex_module modules/mod_autoindex.so
  #LoadModule cern_meta_module modules/mod_cern_meta.so
  LoadModule cgi_module modules/mod_cgi.so
  #LoadModule dav_module modules/mod_dav.so
  #LoadModule dav_fs_module modules/mod_dav_fs.so
  #LoadModule deflate_module modules/mod_deflate.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule env_module modules/mod_env.so
  #LoadModule expires_module modules/mod_expires.so
  #LoadModule file_cache_module modules/mod_file_cache.so
  #LoadModule headers_module modules/mod_headers.so
  LoadModule imagemap_module modules/mod_imagemap.so
  LoadModule include_module modules/mod_include.so
  #LoadModule info_module modules/mod_info.so
  LoadModule isapi_module modules/mod_isapi.so
  LoadModule log_config_module modules/mod_log_config.so
  LoadModule mime_module modules/mod_mime.so
  #LoadModule mime_magic_module modules/mod_mime_magic.so
  <b>LoadModule proxy_module modules/mod_proxy.so</b>
  #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  #LoadModule proxy_connect_module modules/mod_proxy_connect.so
  <b>LoadModule proxy_http_module modules/mod_proxy_http.so</b>
  #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule negotiation_module modules/mod_negotiation.so
  #LoadModule rewrite_module modules/mod_rewrite.so
  LoadModule setenvif_module modules/mod_setenvif.so
  #LoadModule speling_module modules/mod_speling.so
  #LoadModule status_module modules/mod_status.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule userdir_module modules/mod_userdir.so
  #LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule vhost_alias_module modules/mod_vhost_alias.so
  #LoadModule ssl_module modules/mod_ssl.so
  'Main' server configuration
  The directives in this section set up the values used by the 'main'
  server, which responds to any requests that aren't handled by a
  <VirtualHost> definition.  These values also provide defaults for
  any <VirtualHost> containers you may define later in the file.
  All of these directives may appear inside <VirtualHost> containers,
  in which case these default settings will be overridden for the
  virtual host being defined.
  ServerAdmin: Your address, where problems with the server should be
  e-mailed.  This address appears on some server-generated pages, such
  as error documents.  e.g. [email protected]
  ServerAdmin @@ServerAdmin@@
  ServerName gives the name and port that the server uses to identify itself.
  This can often be determined automatically, but we recommend you specify
  it explicitly to prevent problems during startup.
  If your host doesn't have a registered DNS name, enter its IP address here.
  ServerName localhost:80
  DocumentRoot: The directory out of which you will serve your
  documents. By default, all requests are taken from this directory, but
  symbolic links and aliases may be used to point to other locations.
  DocumentRoot "c:/apache/htdocs"
  Each directory to which Apache has access can be configured with respect
  to which services and features are allowed and/or disabled in that
  directory (and its subdirectories).
  First, we configure the "default" to be a very restrictive set of
  features. 
  <Directory />
      Options FollowSymLinks
      AllowOverride None
      Order deny,allow
      Deny from all
      Satisfy all
  </Directory>
  Note that from this point forward you must specifically allow
  particular features to be enabled - so if something's not working as
  you might expect, make sure that you have specifically enabled it
  below.
  This should be changed to whatever you set DocumentRoot to.
  <Directory "c:/apache/htdocs">
  Possible values for the Options directive are "None", "All",
  or any combination of:
    Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
  Note that "MultiViews" must be named explicitly --- "Options All"
  doesn't give it to you.
  The Options directive is both complicated and important.  Please see
  http://httpd.apache.org/docs/2.2/mod/core.html#options
  for more information.
      Options Indexes FollowSymLinks
  AllowOverride controls what directives may be placed in .htaccess files.
  It can be "All", "None", or any combination of the keywords:
    Options FileInfo AuthConfig Limit
      AllowOverride None
  Controls who can get stuff from this server.
      Order allow,deny
      Allow from all
  </Directory>
  DirectoryIndex: sets the file that Apache will serve if a directory
  is requested.
  <IfModule dir_module>
      DirectoryIndex index.html
  </IfModule>
  The following lines prevent .htaccess and .htpasswd files from being
  viewed by Web clients.
  <FilesMatch "^\.ht">
      Order allow,deny
      Deny from all
  </FilesMatch>
  ErrorLog: The location of the error log file.
  If you do not specify an ErrorLog directive within a <VirtualHost>
  container, error messages relating to that virtual host will be
  logged here.  If you do define an error logfile for a <VirtualHost>
  container, that host's errors will be logged there and not here.
  ErrorLog logs/error.log
  LogLevel: Control the number of messages logged to the error_log.
  Possible values include: debug, info, notice, warn, error, crit,
  alert, emerg.
  LogLevel warn
  <IfModule log_config_module>
  The following directives define some format nicknames for use with
  a CustomLog directive (see below).
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%You need to enable mod_logio.c to use %I and %Oi\" \"%{User-Agent}i\"" combined
      LogFormat "%h %l %u %t \"%r\" %>s %b" common
      <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%i\" \"%{User-Agent}i\" %I %O" combinedio
      </IfModule>
  The location and format of the access logfile (Common Logfile Format).
  If you do not define any access logfiles within a <VirtualHost>
  container, they will be logged here.  Contrariwise, if you do
  define per-<VirtualHost> access logfiles, transactions will be
  logged therein and not in this file.
      CustomLog logs/access.log common
  If you prefer a logfile with access, agent, and referer information
  (Combined Logfile Format) you can use the following directive.
      #CustomLog logs/access.log combined
  </IfModule>
  <IfModule alias_module>
  Redirect: Allows you to tell clients about documents that used to
  exist in your server's namespace, but do not anymore. The client
  will make a new request for the document at its new location.
  Example:
  Redirect permanent /foo http://www.example.com/bar
  Alias: Maps web paths into filesystem paths and is used to
  access content that does not live under the DocumentRoot.
  Example:
  Alias /webpath /full/filesystem/path
  If you include a trailing / on /webpath then the server will
  require it to be present in the URL.  You will also likely
  need to provide a <Directory> section to allow access to
  the filesystem path.
  ScriptAlias: This controls which directories contain server scripts.
  ScriptAliases are essentially the same as Aliases, except that
  documents in the target directory are treated as applications and
  run by the server when requested rather than as documents sent to the
  client.  The same rules about trailing "/" apply to ScriptAlias
  directives as to Alias.
      ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
  </IfModule>
  "c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
  CGI directory exists, if you have that configured.
  <Directory "c:/apache/cgi-bin">
      AllowOverride None
      Options None
      Order allow,deny
      Allow from all
  </Directory>
  Apache parses all CGI scripts for the shebang line by default.
  This comment line, the first line of the script, consists of the symbols
  pound (#) and exclamation followed by the path of the program that
  can execute this specific script.  For a perl script, with perl.exe in
  the C:\Program Files\Perl directory, the shebang line should be:
     #!c:/program files/perl/perl
  Note you mustnot_ indent the actual shebang line, and it must be the
  first line of the file.  Of course, CGI processing must be enabled by
  the appropriate ScriptAlias or Options ExecCGI directives for the files
  or directory in question.
  However, Apache on Windows allows either the Unix behavior above, or can
  use the Registry to match files by extention.  The command to execute
  a file of this type is retrieved from the registry by the same method as
  the Windows Explorer would use to handle double-clicking on a file.
  These script actions can be configured from the Windows Explorer View menu,
  'Folder Options', and reviewing the 'File Types' tab.  Clicking the Edit
  button allows you to modify the Actions, of which Apache 1.3 attempts to
  perform the 'Open' Action, and failing that it will try the shebang line.
  This behavior is subject to change in Apache release 2.0.
  Each mechanism has it's own specific security weaknesses, from the means
  to run a program you didn't intend the website owner to invoke, and the
  best method is a matter of great debate.
  To enable the this Windows specific behavior (and therefore -disable- the
  equivilant Unix behavior), uncomment the following directive:
  #ScriptInterpreterSource registry
  The directive above can be placed in individual <Directory> blocks or the
  .htaccess file, with either the 'registry' (Windows behavior) or 'script'
  (Unix behavior) option, and will override this server default option.
  DefaultType: the default MIME type the server will use for a document
  if it cannot otherwise determine one, such as from filename extensions.
  If your server contains mostly text or HTML documents, "text/plain" is
  a good value.  If most of your content is binary, such as applications
  or images, you may want to use "application/octet-stream" instead to
  keep browsers from trying to display binary files as though they are
  text.
  DefaultType text/plain
  <IfModule mime_module>
  TypesConfig points to the file containing the list of mappings from
  filename extension to MIME-type.
      TypesConfig conf/mime.types
  AddType allows you to add to or override the MIME configuration
  file specified in TypesConfig for specific file types.
      #AddType application/x-gzip .tgz
  AddEncoding allows you to have certain browsers uncompress
  information on the fly. Note: Not all browsers support this.
      #AddEncoding x-compress .Z
      #AddEncoding x-gzip .gz .tgz
  If the AddEncoding directives above are commented-out, then you
  probably should define those extensions to indicate media types:
      AddType application/x-compress .Z
      AddType application/x-gzip .gz .tgz
  AddHandler allows you to map certain file extensions to "handlers":
  actions unrelated to filetype. These can be either built into the server
  or added with the Action directive (see below)
  To use CGI scripts outside of ScriptAliased directories:
  (You will also need to add "ExecCGI" to the "Options" directive.)
      #AddHandler cgi-script .cgi
  For type maps (negotiated resources):
      #AddHandler type-map var
  Filters allow you to process content before it is sent to the client.
  To parse .shtml files for server-side includes (SSI):
  (You will also need to add "Includes" to the "Options" directive.)
      #AddType text/html .shtml
      #AddOutputFilter INCLUDES .shtml
  </IfModule>
  The mod_mime_magic module allows the server to use various hints from the
  contents of the file itself to determine its type.  The MIMEMagicFile
  directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  Customizable error responses come in three flavors:
  1) plain text 2) local redirects 3) external redirects
  Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  EnableMMAP and EnableSendfile: On systems that support it,
  memory-mapping or the sendfile syscall is used to deliver
  files.  This usually improves server performance, but must
  be turned off when serving from networked-mounted
  filesystems or if support for these functions is otherwise
  broken on your system.
  #EnableMMAP off
  #EnableSendfile off
  Supplemental configuration
  The configuration files in the conf/extra/ directory can be
  included to add extra features or to modify the default configuration of
  the server, or you may simply copy their contents here and change as
  necessary.
  Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  Multi-language error messages
  #Include conf/extra/httpd-multilang-errordoc.conf
  Fancy directory listings
  #Include conf/extra/httpd-autoindex.conf
  Language settings
  #Include conf/extra/httpd-languages.conf
  User home directories
  #Include conf/extra/httpd-userdir.conf
  Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  Various default settings
  #Include conf/extra/httpd-default.conf
  Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  Note: The following must must be present to support
        starting without SSL on platforms with no /dev/random equivalent
        but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  <b>ProxyPreserveHost On
  ProxyVia on
  ProxyTimeout 600
  #disable forward-proxying
  ProxyRequests Off
  #proxy /irj both ways
  ProxyPass /irj http://sapportal:50000/irj
  ProxyPassReverse /irj http://sapportal:50000/irj
  #ProxyPassReverse /irj http://testcomp/irj
  #proxy /logon both ways
  ProxyPass /logon http://sapportal:50000/logon
  ProxyPassReverse /logon http://sapportal:50000/logon
  #ProxyPassReverse /logon http://testcomp/logon</b>