Border manager as reverse proxy with Sharepoint 2007

hello
need to implement an extranet based solution of Windows Sharepoint 2007, clients may need to traverse a BM reverse proxy server in order to hit the sharepoint environment. have a few questions
1. does it work well? or at all?
2. is the SSL session from the client terminated at the BM level
3. will be using SSL, can i install certs at the BM level for the site?
any other tips??

Originally Posted by phxazcraig
In article <[email protected]>, Gwelsh123 wrote:
> 1. does it work well? or at all?
Should work.
> 2. is the SSL session from the client terminated at the BM level
Yes, if you use proxy, sessions are always between client and proxy,
and another session between proxy and origin server.
> 3. will be using SSL, can i install certs at the BM level for the
> site?
I'm not quite sure what you mean. If you want to encrypt the data, I
think you would be best off doing a generic tcp proxy for port 443, and
have the cert on the endpoint (sharepoint) server, but perhaps that
would give cert errors due to the addressing.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
Im sure when using ISA as the reverse proxy, you install the SSL certs on the ISA box, and then you can use an internally generated cert on the web servers.
I also read somewhere that BM dosent support webdav?
do novell provide any documentation on this sort of configuration
we have a BM server already, there is an external firewall which forwards traffic to various websites to a specific port on the BM server, which then proxies the requests internall. it dosent seem particularly smart, more like a glorified port forwarder?

Similar Messages

Reverse Proxy for SharePoint 2013

Hi,
I need to setup SharePoint 2013 environment which needs to be accessible from mobile devices e.g. iPAD/Android, for reverse proxy, I am looking at apache or IIS ARR since UAG is going to be deprecated. So far any one setup apache (on
RHEL 6.x)
or IIS ARR(on W2K8R2) successfully as reverse proxy for SharePoint 2013 access? Is there any issue? and which SharePoint authentication method should be configured?
Must is be Form based authentication? As I read some articles it seems ARR supports Windows authentication. Thanks in advance.

IIS ARR doesn't authenticate users, it is a pass-through (unlike UAG which can do auth or anon). Both IIS AAR and the new Web Proxy Role in Server 2012 R2 do not work with SharePoint 2013 Apps.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

IIS Reverse Proxy with URL rewrite.

Hi all, hoping to leverage the wealth of knowledge contained here.
Any assistance would be very welcome.
I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
I need to redirect all requests with a specific virtual directory suffix only.
ie; https://domain.test.com/outbound/Content/query_etc
With /Outbound/ being the trigger.
This should be redirected to http://10.10.10.10/inbound/Content/query_etc
While at the same time, requests without the /outbound/ suffix should be handled locally.
I have configured the reverse proxy as described in a few articles, and have had no luck.
Here's a snippet from my (sanitized) web.config at the site level.
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
<action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="^outbound/(.*)" />
<action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
</rules>
</rewrite>
To me, this looks correct, yet it doesn't work.
With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

Hi Andrew,
Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
By using URL Rewrite Module together with
Application Request Routing module you can have IIS 7 act as a
reverse proxy.
It seems like URL Rewrite can't re-route the request somewhere else out of the server.
Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc it will fail with 404.
Hosting multiple domain names under a single account using URL Rewrite.
It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
References:
How to create a url alias using IIS URL Rewrite:
http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
Reverse Proxy with URL Rewrite v2 and Application Request Routing:
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

Set Open Documents in Client Applications by Default with SharePoint 2007

I have activated the excel service with sharepoint 2007, but some excel files can't be opened well for unsupported features.
Therefore, I have to set to open excel file by client application avoiding the above error.
I have done bellow settings but no effect:
1)Change the advanced settings in document library to
Open in the client application;
2)Set authentication providers to Enable client intergration;
3)I 'd like to activate the feature of
open documents in the client application but I can't find it in features.
Please kindly guide me how to make it.
Many appreciations for your support in advance!

Hi,
Please try the solutions that provided in below threads:
https://social.technet.microsoft.com/Forums/office/en-US/919e102c-923b-4eee-b89c-631c0d557709/how-to-mandate-excel-2007-document-xlsx-to-open-in-excel-2007-client-instead-of-excel-web-acess-in?forum=onlineservicessharepoint
https://social.technet.microsoft.com/Forums/sharepoint/en-US/89030108-7185-40e1-b898-e5994484b6d3/sharepoint-2007-how-to-open-an-excel-document-on-client-if-excel-services-are-installed?forum=sharepointgenerallegacy
Then, this issue is not controlled by Office client, we need to config it with SharePoint. Thus, if you have further question, I recommend you post it SharePoint forum:
https://social.technet.microsoft.com/Forums/en-US/home?forum=sharepointgenerallegacy
Hope it's helpful.
Regards,
George Zhao
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs.

Solution Manager 7.1 Integration with Sharepoint

Hello,
We are trying tio implement Solution docuemtnation in Solution manager 7.1 integrated with Sharepoint. Need any suggestion or guidence to integrate Solution MAnager with Share point.
We want to store docuemtn in share point and would like to provide a link of this docuemnt in Solution MAnager.
Regards,
BA

Is it possible that i can give a url of solution amanager project in portal or in some other frontend from where I can access the docuemtn availablle in the perticulat project in SM using th url. ( without SAP GUI)
A project specific iview maybe if you are using SAP Portal? I have not tried it myself, so I cannot elaborate on the topic.
But project specific documents (if they are being uploaded to MOSS and only web-linked in SolMan) should just be locked/read only and can be access controlled using MOSS security as well. So I wonder why the complication of providing it to everyone on a Portal link, when the webfront end for MOSS should provide you the link and the content can be controlled using MOSS security
Also apart from MOSS is it possibel to use TREX as an search engine.
This would be a possible disadvantage, but you are not missing out on much, because MOSS's context based search is actually better, and i ssay this from personal experience.
Hope that Helps!
Cheers!!

Apache Reverse Proxy with Abap Web query

Hi to all
We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
From inside the network the web query is fine.
Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
We checked some messages inside the forum and we have tried a lot of stuff without success.
We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
Any help/idea is valuable.
Thank you
Yiannis

Hi Olivier
I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
I read the documents you gave me plus some apache tutorials on the rewrite rule.
In any case i have my installation working now.
I did some extra changes in my config so now the rules are like that
ProxyVia On
ProxyBadHeader IsError
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /sap http://192.168.1.59:8001/sap
ProxyPassReverse /sap http://192.168.1.59:8001/sap
RewriteEngine On
RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
Thanks again for your help
Yiannis

CSM-S to Servers... Reverse proxy with authentication?

Using a CSM-S with a number of web servers behind it, can the CSM-S be configured to act as a reverse proxy for the servers with no other equipment or licenses to buy?

Reverse proxy with authentication.

SJSWS7 Reverse Proxy and SharePoint

Hi,
Is it possible to reverse proxy a SharePoint/WSS application through SJSWS7 Reverse Proxy?
Are there any issues in doing so? How do we take care the NTLM authentication?
Any pointers greatly appreciated.
Thanks,
Esselle
Note: Apologies if this had been already answered in this forum. I tried to run a search but did not find any topics.

Yes, share point can be the origin server and I don't think there is any specific setting that needs to be done within reverse proxy for this. Just treat this as regular origin server and follow our reverse proxy docs or blogs and that is all I believe it should take.
However, we do not (yet) support NTLM authentication in reverse proxy mode . However, we do support Kerberos within web server 7 and that hopefully should allow u to authenticate in the web server 7 land. however,
I have filed a bug to track this issue (reverse proxy + NTLM authentication)
- Sriram

Access Mac Mini Server (profile management) through reverse proxy

Hi,
Newbie in Mac's world and yet trying to make it more complicated as it is.
As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
Problem is the following : another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
reverse proxy system.log
Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
OSx Server profilemanager.log
Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
I guess the '302 Found' is causing or explaining the problem.
I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
As the default port(s) of the Mac Mini Web Services may not be altered (so far I know), I guess I am stuck using 80 and 443 anyway.
Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
Thanks in advance for your help
Alx

HI All,
i'm also using reverse proxy technique to publish my server to the internet. The ip is used by twice domains. The problem is by using the profile manager
after login it redirects the url to the Local Area network addresse instead to the domain.
How to configure this on OS X Server and the Profile Manager Service?
Kind Regards
Oemer

Acrobat Reader integration with SharePoint 2007

Hi,
We have been having some major issues with people opening PDF files from document libraries in MOSS 2007.
Firstly in v9.x we find that only one user can access a PDF file at a time because it automatically opens the file as editable. This isn't a problem, however when another user tries to open it instead of being asked to open a read only\local copy, they just get an access violation error. We have found that sometimes even though a user has closed the file, the access violation errors continue and the only way round it is to copy the file locally, delete the original and then copy it back up to the document library.
I see that version X has been written to include much better integration with SharePoint. However our company policy is that we do not use check in\check out, so i'd like to disable this prompt. I've found this article which seems to have instructions on how to do it, however the registry change does not seem to have made any difference. I notice that on that article is says "DO NOT PUBLISH THE DOCUMENT EXTERNALLY UNTIL 10.1 SHIP". I'm unsure whether this is a typo and it's meant to be 10.01 which has recently been released or whether this article should not yet be available.
Has anyone managed to get the registry change working?
Cheers
James

Hi,
I was going to move this to a more appropriate forum but I'm not clear on where to try. Can you repost this under the Reader forum as well as on http://answers.acrobatusers.com/?
thanks,
Ben

Reverse proxy with apache2

Hi folks,
I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.
I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.
And ny the way, the portal itself works perfectky when connected directly.
Kind regards,
   Christian Guenther
Reverse proxy configuration ############################################
NameVirtualHost 172.30.210.96
<VirtualHost 172.30.210.96>
   ServerAdmin [email protected]
   ServerName host.external.de
SSL is turned off at the moment
   SSLEngine Off
   SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert
   SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key
Set up as a proxy for internal SAP systems
   ProxyRequests Off
   ProxyPreserveHost Off
   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>
IRJ
<Location /irj/>
    ProxyPass http://host.internal.lan:8001/irj/
    ProxyPassReverse http://host.internal.lan:8001/irj/
rewriting rules for proxy
    RewriteEngine On
    RewriteCond % \.jsp
    RewriteRule ^(.+) % [P]
    RewriteCond % \.servlet
    RewriteRule ^(.+) %
Portal
rewriting rules for proxy
[P]
</Location>
<Location />
    ProxyPass http://host.internal.lan:8001/
    ProxyPassReverse http://host.internal.lan:8001/
    RewriteEngine On
    RewriteCond % \.jsp
    RewriteRule ^(.+) % [P]
    RewriteCond % \.servlet
    RewriteRule ^(.+) % [P]
</Location>
</VirtualHost>

This is a valid configuration for an Apache Reverse Proxy:
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot /usr/local/apache2
Listen 443
#LoadModule dir_module modules/mod_dir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule include_module modules/mod_include.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule access_module modules/mod_access.so
#LoadModule auth_module modules/mod_auth.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_module modules/mod_mime.so
#LoadModule env_module modules/mod_env.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule setenvif_module modules/mod_setenvif.so
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin [email protected]
ServerName your.servername.com
UseCanonicalName Off
make sure zou include these with valid entries...
Include conf/log.conf
Include conf/mime.conf
Include conf/default.conf
Include conf/ssl.conf
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
this is for the MS IE SSL bug
BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#
force-response-1.0
Header add P3P CP="NOI"
Proxy with caching
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
CacheRoot /usr/local/apache2/Cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
<VirtualHost *:443>
    ServerName your.servername.com
    ServerAdmin [email protected]
Set the level of log entries - debug produces A LOT of messages
    LogLevel debug
    ErrorLog logs\error.log
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog logs\access.log common
NEVER turn this On, it would create a forward proxy
    ProxyRequests Off
    ProxyPreserveHost On
it is important that the proxy uses active protocol used in the
internet section of the request
    RequestHeader set ClientProtocol https
    Header add P3P CP="NOI"
we need to answer HTTPS requests, so we need an ssl engine
    SSLEngine On
and a cipher suite plus certificate
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
    SSLProtocol all -SSLv2
of course these entries have to be adopted
    SSLCertificateFile conf/certs/server.crt
    SSLCertificateKeyFile conf/certs/server.key
    SSLOptions +StdEnvVars
this is for the bloody MS IE - I don't know why, but they seem to
have trouble learning in redmond
    BrowserMatch ".MSIE." \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request.log \
          "%t %h %x %x \"%r\" %b"
below are the proxied hosts - you always need ProxyPass
AND ProxyPassReverse otherwise it will not work correctly
ITS
    #ProxyPass /iac/               http://itsserver:8081/iac/
    #ProxyPassReverse /iac/          http://itsserver:8081/iac/
direct portal connection              this ought to be the IP
    ProxyPass /irj/               http://10.8.1.14:50000/irj/
    ProxyPassReverse /irj/          http://10.8.1.14:50000/irj/
    ProxyPass /logon/               http://10.8.1.14:50000/logon/
    ProxyPassReverse /logon/          http://10.8.1.14:50000/logon/
Rewrite Rule in case ICM puts session information in URL
NEVER REALLY HARMS
    RewriteEngine On
    RewriteRule ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]
    #ProxyPass /chooselogin/          http://10.8.9.0:50000/chooselogin/
    #ProxyPassReverse /chooselogin/     http://10.8.9.0:50000/chooselogin/
</VirtualHost>

Reverse Proxy with Coldfusion 8

Has anyone set up Sun Java Web Server 7 to reverse proxy Coldfusion 8 (also running under SJWS7)? I can reverse proxy static HTML and SHTML content with SJWS7, but not Coldfusion content.
Thanks in advance for any help, tips, etc.
--Frank

Thanks for replying, MV -- I've been out for a while -- sorry for the delay. Below are obj.conf and <vs> obj.conf:
obj.conf
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# You can edit this file, but comments and formatting changes # might be lost when you use the administration GUI or CLI.
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="send-precompressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
wwwproxy-obj.conf
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# You can edit this file, but comments and formatting changes # might be lost when you use the administration GUI or CLI.
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="send-precompressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
<Object name="reverse-proxy-/">
Route fn="set-origin-server" server="www.water.ca.gov"
</Object>
<Object ppath="http:*">
Service fn="proxy-retrieve" method="*"
</Object>

Sun One 6.1 reverse proxy with multiple certs

We are using Sun One Web Server 6.1sp6 as a reverse proxy without the passthrough plugin. We also have multiple certs and not a global cert and what we are seeing is the data getting "staged" on the web server before moving on to the destination (which obviously halves throughput). Some research tells us that this staging is happening because it needs to re-encrypt the packets for the next cert.
Is there any way besides having a global cert that we can get around this? Would using the passthrough plugin help?
Thanks,
Don

The thing is that it apparently doesn't do it on the fly, which is why I was wondering if the passthrough plug in would help. In other words, if I am sending a 10mb file through to the destination server (there's a weblogic server on the back end with a different cert that I want to do the real processing), the web server waits until it gets all 10mb then resends it. Seems it should do the encrypt/decrypt on a packet level to me.
As far as the config, I didn't set it up, I'm just trying to get it to work :)
Here are the configs, if it would help. If there's something set up wrong here, please feel free to point it out!
Thanks,
Don
magnus.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot /iplanet/servers
ServerName rpserver.testdomain.com
ServerID https-rpserver.testdomain.com
RqThrottle 256
DNS off
Security on
PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
User iplanet1
StackSize 131072
TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
PostThreadsEarly off
KernelThreads off
ChunkedRequestBufferSize 0
LogVerbose on
LogVsId off
AsyncDNS off
KeepAliveTimeout 10
UseNativePoll on
Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
Init fn="wl_init"
Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
Init fn="stats-init" profiling="on"
obj.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot /iplanet/servers
ServerName rpserver.testdomain.com
ServerID https-rpserver.testdomain.com
RqThrottle 256
DNS off
Security on
PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
User iplanet1
StackSize 131072
TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
PostThreadsEarly off
KernelThreads off
ChunkedRequestBufferSize 0
LogVerbose on
LogVsId off
AsyncDNS off
KeepAliveTimeout 10
UseNativePoll on
Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
Init fn="wl_init"
Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
Init fn="stats-init" profiling="on"
server.xml
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///iplanet/servers/bin/https/dtds/sun-web-server_6_1.dtd">
<SERVER qosactive="false">
<PROPERTY name="docroot" value="/iplanet/servers/docs"/>
<PROPERTY name="accesslog" value="/iplanet/servers/https-rpserver.testdomain.com/logs/access"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="dir" value=""/>
<PROPERTY name="nice" value=""/>
<LS id="ls1" port="443" servername="rpserver.testdomain.com" defaultvs="https-rpserver.testdomain.com" security="on" ip="any" blocking="false" acceptorthreads="2">
<SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="-rc4,-rc4export,-rc2,-rc2export,-desede3,-des" ssl3="on" tls="on" ssl3tlsciphers="-rsa_rc4_128_sha,+rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,+rsa_3des_sha,+rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,-rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,+fips_3des_sha,-fips_des_sha" tlsrollback="on" clientauth="off"/>
</LS>
<MIME id="mime1" file="mime.types"/>
<ACLFILE id="acl1" file="/iplanet/servers/httpacl/generated.https-rpserver.testdomain.com.acl"/>
<VSCLASS id="vsclass1" objectfile="obj.conf" rootobject="default" acceptlanguage="false">
<VS id="https-rpserver.testdomain.com" connections="ls1" mime="mime1" aclids="acl1" urlhosts="rpserver.testdomain.com" state="on">
<PROPERTY name="docroot" value="/iplanet/servers/docs"/>
<USERDB id="default"/>
<SEARCH>
<WEBAPP uri="/search" path="/iplanet/servers/bin/https/webapps/search" enabled="true"/>
</SEARCH>
</VS>
</VSCLASS>
<JAVA javahome="/iplanet/servers/bin/https/jdk" serverclasspath="/iplanet/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/iplanet/servers/bin/https/jar/webserv-ext.jar:/iplanet/servers/bin/https/jar/webserv-jstl.jar:/iplanet/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" nativelibrarypathprefix="" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" dynamicreloadinterval="-1">
<JVMOPTIONS>-Djava.security.auth.login.config=/iplanet/servers/https-rpserver.testdomain.com/config/login.conf</JVMOPTIONS>
<JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
<JVMOPTIONS>-Xmx256m</JVMOPTIONS>
<SECURITY defaultrealm="native" anonymousrole="ANYONE" audit="false">
<AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
<PROPERTY name="file" value="/iplanet/servers/https-rpserver.testdomain.com/config/keyfile"/>
<PROPERTY name="jaas-context" value="fileRealm"/>
</AUTHREALM>
<AUTHREALM name="native" classname="com.iplanet.ias.security.auth.realm.webcore.NativeRealm">
<PROPERTY name="jaas-context" value="nativeRealm"/>
</AUTHREALM>
<AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<PROPERTY name="directory" value="ldap://localhost:389"/>
<PROPERTY name="base-dn" value="o=isp"/>
<PROPERTY name="jaas-context" value="ldapRealm"/>
</AUTHREALM>
</SECURITY>
<RESOURCES/>
</JAVA>
<LOG file="/iplanet/servers/https-rpserver.testdomain.com/logs/errors" loglevel="info" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
</SERVER>

Reverse Proxy with Sun Web Server 7 update 4

Hi All,
I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
Both VS reverse proxies are congfigured exactly the same.
Thanks,
Stuart.

well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
here is a related article on how to use chunked encoding within web server 7
http://developers.sun.com/webtier/reference/techart/chunked_req.html
now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
you can set log level to finest by running the following command
/sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
/sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
(once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
thanks
sriram

Apache Reverse proxy with SSL

Hi,
I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
<b>What do I need to activate to support the HTTPS requests?</b>
I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
From Where can I get the mod_ssl.so?
I saw that there are 2 projects:
Apache Interface to OpenSSL (mod_ssl)
Apache-SSL
Do I need to use them in case I want to use HTTPs?
Regards,
Yael

Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
mine is as follows:
./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
-so --enable-proxy-http --enable-proxy-connect --enable- headers
then make and make install.
hope it helps.
Jai

Border manager as reverse proxy with Sharepoint 2007

Similar Messages

Maybe you are looking for