Citrix Secure Gateway over https reverse proxy - mouse delay

Similar Messages

• Help needed for CORBA over Http through proxy server[Very Urgent]

  Hi Friendz,
  I am new to J2EE. Right now I am learning RMI, Corba now.
  In RMI, to pass through Http to bypass firewall or through proxy sever, we can use either Http to port or Http to CGI/Servlet i.e., Http tunneling.
  In the same, I am running a simple corba application, i want my corba application to pass through my proxy server using http which is configured to address 127.0.0.1 and port 8118.
  How to pass my corba application through proxy server. please help me and it is very urgent.
  Is it possible or not, please let me know some comments about this topic
  Thanks in advance Friends for your help

  This is so extremely urgent that it needs to be asked multiple times.
  http://forum.java.sun.com/thread.jspa?threadID=762950

• Reverse Proxy behind a gateway

  hi ,
  I want to put a reverse Proxy behind the gateway. All the access Manager and the portal are behind the reverse proxy.Kindly, send me some steps on how to configure gateway to achieve this deployment.
  thanks in advance
  dhawanmayur

  Hi ,
  Below steps might help you.
  Edit Platform.conf file of the gateway and set the following properties as follows
  * gateway.enable.accelerator = true
  * gateway.enable.customURl = true
  * Append the reverse-proxy server hostname to the gateway.virtualhost property
  * gateway.httpsurl = https://<reverse-porxy-host>:<reverse-proxy-host-no>/
  Note: Don't miss the Fwd slash "/" at the end of the portNo: in https://hostname.india.sun.com:500/ <--
  After that you might have to do URL mapping on the reverse proxy that you are using.

• RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN

  Hi there,
  I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to it's AD requirements etc).
  What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
  Thanks,
  Paul.

  Hi Paul,
  It is generally considered more secure to have a reverse proxy in front of RDG.  I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP.  Whether
  or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies.  Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method
  to provide an extra layer of protection.
  -TP

• Exchange 2013 // Error 500 when login OWA through ARR2.5 or other reverse proxy solution

  We install a new Exchange 2013 server with CU2 in our Exchange organization with a single Exchange 2007 server. We use a reverse proxy solution for publishing Outlook WebApp and sync. Internal Outlook WebApp works fine, but when we login from internet,
  we get the error:
  ":-( Something went wrong"
  In the address bar, we see the following URL:
  https://webmail.company.com/owa/auth/errorfe.aspx?httpCode=500
  When we try to login on https://webmail.company.com/ecp, it works fine. But OWA fails.
  Login on legacy mailboxes works fine. When we login on the new Outlook WebApp URL, we automatically forwarded to the legacy URL.
  We try the following reverse proxy solutions:
  Citrix Secure Gateway 3.3 on a Windows 2008 server
  ISS ARR on a Windows 2012 server (http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx)
  Is there anyone that knows how I can troubleshoot this problem?

  Hi
  Mostly looks like this is host (A) issue.You can check the below things
  Just check of the mail host (A) record is created on internal DNS server and ensure its pointed to new Exchange 2013 server.
  If the mail host (A) record is pointing to old exchange 2007 server just modify it and make it to point to new Exchange 2013 server
  Check the DWS directory in edit binding if loopback 127.0.0.1 is added if not add them
   Please mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you.
  Regards,
  Sathish

• Reverse Proxy - Apache vs SAP Web Dispatcher

  Hi,
  my config consists in a portal (EP7.0 - DB/CI + AS) and an ECC system (ECC 6.0 - DB/CI + AS).
  Web developments are based on Abap Web Dynpro and are also located on ECC.
  To ensure load balancing there are 2 web dispatchers : one on EP DB/CI, one on ECC DB/CI.
  Those 2 systems are located in intranet. Intranet access are realized via http.
  Moreover I need to open this solution to internet. I need a component to filter access in DMZ and ensure reverse proxy + https functions.
  Technical target chain links are depicted below.
  internet access : browser (https) -
  >  (https) reverse proxy in DMZ (http) -
  > IS (Portal/ECC)
  intranet access : browser (http) -
  > IS (portal/ECC)
  At the moment two application gateway solutions have been identified :
  Apache (MOD_PROXY + MOD_HTTPS) - My configuration is based on Linux
  SAP Web Dispatcher ("cascading" implementation as described in OSS note 740234)
  I'm looking for PROs and CONs of those 2 solutions and I'm also seeking for the impact of ensuring https encryption/decryption at the application gateway level ("a priori" this usage is not transparent in term of server sizing - CPU/memory, do I require to implement an SSL accelerator ?).
  Regards.
  Frederic.

  Hi,
  PRO Webdispatcher:
  - Supports SAP Java + ABAP
  - Loadbalancing of SAP applications (stateful)
  - Supports load balancing (saplb_* cookie)
  - Free of costs
  - easy to set up (up & running in 2 minutes)
  - Supports HA solutions out-of-the-box (process HA)
  - Filter + Rules to modify the requests
  CONS Webdispatcher
  - not a full reverse proxy
  - Limited functionality
  - one more server/solution (normaly, a company already does have a reverse proxy solution in place)
  - limited user base (only SAP customers)
  PRO Apache
  - free
  - widly in use
  - full reverse proxy
  - allows more complex filtering / rewriting
  - can be used for more web solutions, reuse of existing apache reverse proxy
  CONS Apache
  - does not support SAP load balancing (connection to the message server port for load distribution)
  - can be more complex to set up
  - SAP specific technology / problems are more harder to fix (ABAP, Stateful connections, sap_lb*)
  Short: both will server well as a reverse proxy.
  Rule of thumb: If you go for Apache or Web Dispatcher should mainly depend on you current IT landscape. If you already do have an apache in use, use Apache. You already have the people / knowledge, try to foster it .
  If you start from scratch and have SAP Logon Groups or many WebDynpro ABAP applications, go for the Web Dispatcher.
  br,
  Tobias

• Apache Reverse Proxy: Domain problem

  Hi,
  I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
  I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
  If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
  If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
  The Log tells me:
  1.
  Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
  Session Management will not work for Application 'abc.mydomain.xx'
  2.
  Application schema 'http' differs from Portal schema 'https'.
  Session Management will not work for Application 'abc.mydomain.xx'
  Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
  For instance:
  https://abc.mydomain.xx --> http://abc.mydomain.zz
  Does anybody made such a rule?
  I hope anybody can help me with the problem.
  Thank you

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• How To configure Apache As Reverse Proxy for SharePoint Application

  Hi,
  I recently integrated Apache as ReverseProxy for SharePoint 2010. When accessing the SharePoint application via the reverse proxy url  e.g. http://<reverse-proxy-url>/SitePages/Home.aspx the images/css and JavaScript files does not comeup
  fine.
  I had defined the following mapping in the httpd.conf file.
  ProxyPass /SitePages  http://<actual-url>/SitePages
  <Location /SitePages>
  ProxyPassReverse http://<actual-url>/SitePages
  SetEnv force-nokeepalive 1
  </Location>
  Regards,
  Bunty Ray

  Hi Trevor,
  I did not understand your point. Currently i tried the following in the httpd.conf as well, but still did not help
  ######Mapping SharePoint Server#######
   ProxyPass /SitePages http://<actual-url>/SitePages
   ProxyPass /WebResource.axd http://<actual-url>/WebResource.axd
   ProxyPass /ScriptResource.axd http://<actual-url>/ScriptResource.axd
   <Location /SitePages>
    SetOutputFilter INFLATE;proxy-html;DEFLATE
    ProxyHTMLMeta On
    ProxyHTMLEnable On
    ProxyHTMLExtended On
    ProxyHTMLLogVerbose On
    ProxyPassReverse http://<actual-url>/SitePages
    ProxyHTMLURLMap /SitePages http://<actual-url>/SitePages ec
    ProxyHTMLURLMap http://<actual-url>/SitePages /SitePages ec
   SetEnv force-nokeepalive 1
   SetEnv force-proxy-request-1.01
   SetEnv proxy-initial-not-pooled 1
   </Location>
   <Location /ScriptResource.axd>
    SetOutputFilter INFLATE;proxy-html;DEFLATE
    ProxyHTMLMeta On
    ProxyHTMLEnable On
    ProxyHTMLExtended On
    ProxyHTMLLogVerbose On
    ProxyPassReverse  http://<actual-url>/ScriptResource.axd
    ProxyHTMLURLMap /ScriptResource.axd http://<actual-url>/ScriptResource.axd ec
    ProxyHTMLURLMap http://<actual-url>/ScriptResource.axd /ScriptResource.axd ec
    SetEnv force-proxy-request-1.01
    SetEnv force-nokeepalive 1
    SetEnv proxy-initial-not-pooled 1
    </Location>
   <Location /WebResource.axd>
    SetOutputFilter INFLATE;proxy-html;DEFLATE
    ProxyHTMLMeta On
    ProxyHTMLEnable On
    ProxyHTMLExtended On
    ProxyHTMLLogVerbose On
    ProxyPassReverse  http://<actual-url>/WebResource.axd
    ProxyHTMLURLMap /WebResource.axd http://<actual-url>/WebResource.axd ec
    ProxyHTMLURLMap http://<actual-url>/WebResource.axd /WebResource.axd ec
    SetEnv force-proxy-request-1.01
    SetEnv force-nokeepalive 1
    SetEnv proxy-initial-not-pooled 1
    </Location>
   <Location /_layouts>
    SetOutputFilter INFLATE;proxy-html;DEFLATE
    ProxyHTMLMeta On
    ProxyHTMLEnable On
    ProxyHTMLExtended On
    ProxyHTMLLogVerbose On
    ProxyPassReverse  http://<actual-url>/_layouts
    ProxyHTMLURLMap /_layouts/1033/styles/Themable http://<actual-url>/_layouts/1033/styles/Themable ec
    ProxyHTMLURLMap http://<actual-url>/_layouts/1033/styles/Themable /_layouts/1033/styles/Themable ec
    SetEnv force-proxy-request-1.01
    SetEnv force-nokeepalive 1
    SetEnv proxy-initial-not-pooled 1
    </Location>
  Regards,
  Bunty Ray

• Reverse Proxy in web dispatcher

  Any statistic on which product is better / qualifies better to be used as a reverse proxy.. (& wherein generic (forward) proxy services can be disabled)
  Web Dispatcher
  Apache
  Microsoft IIS
  Any other product ?
  Thanks,

  Thanks !!!
  > URL filtering: the Web Dispatcher 7.2 supports more than one SAP backend, but you should take a look into the confguration page at SAP Help to find out if it matches your future scenario.
  I am looking for WD based on 7.3 for both the roles (Reverse proxy and load balancing). But I'll check if there is anything for me to be concerned about...
  > looking at your scenario, you'll have at least 1 reverse proxy in your DMZ and the Web Dispatcher will be an additional reverse proxy (for internal and/or external access).
  >
  > The Web Dispatcher will be connected to the message server of the portal, so when a server/node goes down, the web dispatcher will be notified. That's a vantage over another reverse proxy.
  Yes, we have one server reserved for reverse proxy software and another for load balancing (WD).. These two roles need to be on separate servers as per logistics requirement... So, is this what you are talking about..
  User <> WD as reverse proxy on server1 <> WD for load balancing server2 <--> EP Message Server.

• Reverse Proxy and SAP NetWeaver 2004S

  Dear Gurus,
  I'd like to post a simple question.
  I know that we can put a Reverse Proxy in front of SAP WebAS.
  It can be Apache, SAP Web Dispatcher, etc.
  I know we can proxypass like this:
  http://reverse-proxy.abc.com/irj  -->  http://portal.abc.com/irj
  However, is there a way so that we can proxypass like this (both AS-ABAP and AS-JAVA):
  http://reverse-proxy.abc.com/xyz/irj  -->  http://portal.abc.com/irj
  So far I've not succeeded in doing so, because the response I've got from SAP is always in the form of /irj/..... and not /xyz/irj/....
  Is there any configuration in SAP to insert /xyz in front of /irj?
  Many thanks in advance.

  Hi Martin,
  we do not have the answer yet, either.
  I've read somewhere else, that it may be possible to do the proxy mapping, but we still can't change the root URI.
  I believe this is what SAP calls reverse-proxy filter.
  Example:
  http://www.abc.com/irj/entry  -->  http://portal.abc.com:50000/irj/portal
  So it's not really what we need.
  I hope a guru from SAP will read this post and give an answer to us.
  At the moment, we decide to dedicate another hostname for our portal.
  regards,
  Denny

• Reverse proxy settings needed for exposing webservice to external world?

  Hi guys,
  Internal PI system have exposed a WebService endpoint URL. There is firewall point lets say it <EXT_POINT:EXT_PORT>, which is accessible from outside the company premises, with http://<EXT_POINT:EXT_PORT>/<SomeService>, then request is forwarded to the PI. However, I believe on PI system, the reverse proxy should be configured. What I shall do is to setup the HTTP mapping:
  <EXT_POINT:EXT_PORT> TO <PI_SYSTEM:PI_HTTP_PORT>
  and
  <SomeService> TO XISOAPAdapter/MessageServlet?channel=<PARTY>:<SENDER_COMP>:<CHANNEL>
  Or am I missing something in the whole picture ..?
  Thanks,
  Lalo

  Hi,
  You don't need to setup rules for each partner or each interface. which requires lot of rule set up at reverse proxy server table. To avoid this, I would suggest to have a common rule for SOAP adapter and HTTP adapter which should be maintained in proxy server.
  Let say, your webservice URL in SAP PI is something like this,
  http://< PI host>:< PI port>/XISOAPAdapter/MessageServlet?channel=:<Service>:<channel name>
  and reverser proxy server URL ( exposed to external world....URL should have Business servie, communication details as well)
  http://< Reverse proxy server host>:< Reverse proxy server port>/XISOAPAdapter/MessageServlet?channel=:<Service>:<channel name>
  then the rule  should be set like,
  whatever request coming from any application with  http://< Reverse proxy server host>:< Reverse proxy server port>/XISOAPAdapter/ ** then route the request to http://< PI host>:< PI port>/XISOAPAdapter/**.
  So the webservice request will be routed to respective interface.
  The same way can be applied for HTTP.
  Hope this helps.
  Thanks
  Rajesh
  Edited by: Rajesh on Jun 23, 2010 9:52 PM

• Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI

  -- Requirement --
  I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
  The web server instance has two listen sockets, 80 and 443.
  The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
  HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
  -- Current set-up --
  The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
  How can I constrain the reverse proxying to HTTPS traffic?
  Thanks for your help,
  Jez

  Thanks Chris that worked perfectly.
  Aside
  Before your solution I had (unsuccessfully) tried the following obj.conf directive
  <Client security="false">
  NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
  </Client>However, it didn't work - is it not possible to use the <Client security="false"> in this manner?

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>

• BizTalk published WCF service throwing HTTP 404 error using ISA reverse proxy settings

  I have published my schemas as a WCF service from BizTalk 2010 "Publish WCF Service" wizard. I used Wcf-basicHTTP adapter in receive port. I am able to run the service successfully on localhost IIS and I tested my biztalk solution by sending request using SOAP UI and got response successfully.... Now: Actually, I need to give this service endpoint to my vendor who will send request from outside my company's network i.e. internet. In my infrastrucrue BizTalk is behind the firewall so, we setup a REVERSE proxy server at DMZ layer and it is configured properly. I have tested a simple WCF service by replacing the localhost with Proxy server configured address <DNSName> and it worked absolutely fine. But when I change localhost in my BizTalk schema based published WCF service it is not working and I am getting following error. Really strugling to get it resolved. I wasted a whole 3 days....very upset. Please help me out by giving the detailed step solution. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested URL: /BizTalkServiceInstance/MyService.svc I am surprized why other c# code based WCF services are working fine with reverse proxy settings. Server Error in '/' Application. The resource cannot be found.Is there any special things to consider Biztalk exposed wcf servcie over ssl in IIS cluster with ISA

  Hi Singam :)
  First I would start by browsing any other files (files other than the one from WCF) just to ensure that the reverse-proxy’s redirection rules are set correctly. If you get the same 404 error when you try to access other service/files “through reverse-proxy”,
  then it’s an issue in the redirection rule(s) in reverse-proxy.
  If others are fine i.e. no issue in reverse-proxy setup as such, then try the following for WCF service's web.config file. I have seen this issue in WCF service (not just BizTalk’s artifacts exposed as service in reverse-proxy). Add serviceHostingEnvironment
  config as show with in serviceModel section.
  <system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  Regards,
  M.R.Ashwin Prabhu
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Acknowledgement sent over http on 'secure' channel

  Hi,
  I have configured a 'secure' eMS 2.0 channel with a https url of my partner: https://partner/eindpunt
  When I use this channel for outbound messages it works ok, the message is sent over https.
  When I use this channel for inbound messages it sends an ack over http, so http://partner/eindpunt
  I suspect this is because we use a proxy that does SSL handling, it receives messages over https and sends these over http to B2B.
  Well, we tested without the proxy, so inbound messages arrive over https directly to B2B, same result: ack is sent over http...
  Is there a switch to turn on https for the ack?
  I use SOA Suite 11.1.1.4.0
  Groeten,
  HJH
  Edited by: HJHorst on Apr 15, 2011 4:02 AM

  When you create an inbound ebMS agreement, you have to create a ebMS channel under Remote Trading Partner configuration and select that channel while creating the agreement (in Remote TP channel drop-down list). This channel will be used to post the acknowledgement back to trading partner. You may specify HTTP/HTTPS URL, whatever you want, in that channels configuration.
  Regards,
  Anuj