IIS Reverse Proxy with URL rewrite.

Hi all, hoping to leverage the wealth of knowledge contained here.
Any assistance would be very welcome.
I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
I need to redirect all requests with a specific virtual directory suffix only.
ie; https://domain.test.com/outbound/Content/query_etc
With /Outbound/ being the trigger.
This should be redirected to http://10.10.10.10/inbound/Content/query_etc
While at the same time, requests without the /outbound/ suffix should be handled locally.
I have configured the reverse proxy as described in a few articles, and have had no luck.
Here's a snippet from my (sanitized) web.config at the site level.
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
<action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="^outbound/(.*)" />
<action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
</rules>
</rewrite>
To me, this looks correct, yet it doesn't work.
With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

Hi Andrew,
Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
By using URL Rewrite Module together with
Application Request Routing module you can have IIS 7 act as a
reverse proxy.
It seems like URL Rewrite can't re-route the request somewhere else out of the server.
Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
Hosting multiple domain names under a single account using URL Rewrite.
It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
References:
How to create a url alias using IIS URL Rewrite:
http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
Reverse Proxy with URL Rewrite v2 and Application Request Routing:
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

Similar Messages

  • Is it possible IIS reverse Proxy for WAS ( BSP) ?????

    Hi
    I am able to setup IIS reverse proxy for Portal and other some internal website and it works well from outside the firewall. But for WAS (for BSP application), it repeatly prompt login screen even after gave correct user ID and password when call through proxy. But it work inside firewall.
    So really wonder is it possible to use IIS reverse proxy for WAS?
    Thanks
    Raibin

    Hi Raja
    Thanks for your message. But I already read this same and many other BLOGs. Everything talk about manything. And nothing helped me to find the solution. But friday I found the solution myself and happy to share with you and all others.
    The problem was related to the extra string getting added with in url to replace /bsp/   to   /bsp(xxxxxxxxxxxxx)/ and finally when I put the entry as below in my IISProxy.xml file, everything became OK.
    And I saw so many question related to EP 7.0 for outside access. There is one extra entry we have to put for webdynpro to make EP 7.0 working outside specially for admin screens.
    In the below example 'sapep' is Portal and 'sapecc' is ECC 5.0 server.
    <ISAPI-config version="1.6">
         <filter name="IisProxy filter" />
         <extension name="IisProxy extension" />
         <mapping name="PORTAL">
              <source>
                   <protocol>http</protocol>
                   <prefix>/irj</prefix>
                   <new-prefix>/irj/</new-prefix>
              </source>
              <source>
                   <protocol>http</protocol>
                   <prefix>/logon/</prefix>
              </source>
              <source>
                   <protocol>http</protocol>
                   <prefix>/webdynpro/</prefix>
              </source>
              <target>
                   <protocol>http</protocol>
                   <host>sapep.domain.com</host>
                   <port>50000</port>
              </target>
         </mapping>
         <mapping name="BSP">
              <source>
                   <protocol>http</protocol>
                   <prefix>/sap/</prefix>
              </source>
              <source>
                   <protocol>http</protocol>
            <prefix>/sap(bD1lbiZjPTA5NiZkPW1pbg==)/</prefix>
              </source>
              <target>
                   <protocol>http</protocol>
                   <host>sapecc.domain.com</host>
                   <port>1080</port>
              </target>
         <compress-types>text/html, text/plain</compress-types>
         </mapping>
    </ISAPI-config>
    I hope this will many to solve their problems.
    Thanks
    Raibin

  • Apache Reverse Proxy with Abap Web query

    Hi to all
      We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
    From inside the network the web query is fine.
    Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
    We checked some messages inside the forum and we have tried a lot of stuff without success.
    We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
    Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
    Any help/idea  is valuable.
    Thank you
    Yiannis

    Hi Olivier
    I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
    I read the documents you gave me plus some apache tutorials on the rewrite rule.
    In any case i have my installation working now.
    I did some extra changes in my config so now the rules are like that
    ProxyVia On
    ProxyBadHeader IsError
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /sap http://192.168.1.59:8001/sap
    ProxyPassReverse /sap http://192.168.1.59:8001/sap
    RewriteEngine On
    RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
    Thanks again for your help
    Yiannis

  • If user disable cookie how to set and use session with URL Rewritting

    if user disable cookie how to set and use session with URL Rewritting by append session ID in url

    If cookies are disabled, then app server will automatically try to use URL rewriting for session control. Programmer's responsibility is to encode any links or redirects using
    response.encodeURL("/yourPage.jsp")
    and
    response.encodeRedirectURL("/yourPage.jsp")
    See API for details
    http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String))

  • IIS Reverse Proxy and Basic Authentication

    Hi,
    we've currently put a WebAS 6.40 serving a BSP Application in our Appl-DMZ. For the access via Web the IIS Reverse Proxy is used, which works fine as long as you use a service for which a user is provided (in SICF). But if you don't provide a user in the service (in order to debug the BSP Application) you have to authenticate yourself using Basic Authentication (Browser Popup) which does not work (the popup returns and returns ...)
    I' ve browsed the forums and it seems that the IIS Reverse Proxy does not support (the forwarding) of Basic Authentication "requests".
    So my question, does someone exactly know if the IIS Reverse proxy supports Basic Authentication or not ?
    Thanks,
    Markus

    Hello Markus,
    1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
    2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
    Regards
    Gregor

  • CSM-S to Servers... Reverse proxy with authentication?

    Using a CSM-S with a number of web servers behind it, can the CSM-S be configured to act as a reverse proxy for the servers with no other equipment or licenses to buy?

    Reverse proxy with authentication.

  • Reverse proxy with apache2

    Hi folks,
    I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the  portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.
    I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.
    And ny the way, the portal itself works perfectky when connected directly.
    Kind regards,
       Christian Guenther
    Reverse proxy configuration ############################################
    NameVirtualHost 172.30.210.96
    <VirtualHost 172.30.210.96>
       ServerAdmin [email protected]
       ServerName host.external.de
    SSL is turned off at the moment
       SSLEngine Off
       SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert
       SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key
    Set up as a proxy for internal SAP systems
       ProxyRequests Off
       ProxyPreserveHost Off
       <Proxy *>
          Order deny,allow
          Allow from all
       </Proxy>
    IRJ
      <Location /irj/>
        ProxyPass http://host.internal.lan:8001/irj/
        ProxyPassReverse http://host.internal.lan:8001/irj/
    rewriting rules for proxy
        RewriteEngine On
        RewriteCond %  \.jsp
        RewriteRule ^(.+) % [P]
        RewriteCond % \.servlet
        RewriteRule ^(.+) %
    Portal
    rewriting rules for proxy
    [P]
      </Location>
      <Location />
        ProxyPass http://host.internal.lan:8001/
        ProxyPassReverse http://host.internal.lan:8001/
        RewriteEngine On
        RewriteCond %  \.jsp
        RewriteRule ^(.+) % [P]
        RewriteCond % \.servlet
        RewriteRule ^(.+) % [P]
      </Location>
    </VirtualHost>

    This is a valid configuration for an Apache Reverse Proxy:
    ThreadsPerChild 250
    MaxRequestsPerChild  0
    ServerRoot /usr/local/apache2
    Listen 443
    #LoadModule dir_module modules/mod_dir.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule include_module modules/mod_include.so
    #LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule access_module modules/mod_access.so
    #LoadModule auth_module modules/mod_auth.so
    LoadModule log_config_module modules/mod_log_config.so
    #LoadModule mime_module modules/mod_mime.so
    #LoadModule env_module modules/mod_env.so
    #LoadModule headers_module modules/mod_headers.so
    #LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule ssl_module modules/mod_ssl.so
    ServerAdmin [email protected]
    ServerName your.servername.com
    UseCanonicalName Off
    make sure zou include these with valid entries...
    Include conf/log.conf
    Include conf/mime.conf
    Include conf/default.conf
    Include conf/ssl.conf
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "MS FrontPage" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
    BrowserMatch "^gnome-vfs" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
    this is for the MS IE SSL bug
    BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#
    force-response-1.0
    Header add P3P CP="NOI"
    Proxy with caching
    LoadModule cache_module modules/mod_cache.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    CacheRoot /usr/local/apache2/Cache
    CacheEnable disk /
    CacheDirLevels 5
    CacheDirLength 3
    <VirtualHost *:443>
        ServerName your.servername.com
        ServerAdmin [email protected]
    Set the level of log entries - debug produces A LOT of messages
        LogLevel debug
        ErrorLog logs\error.log
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        CustomLog logs\access.log common
    NEVER turn this On, it would create a forward proxy   
        ProxyRequests Off
        ProxyPreserveHost On
    it is important that the proxy uses active protocol used in the
    internet section of the request
        RequestHeader set ClientProtocol https
        Header add P3P CP="NOI"
    we need to answer HTTPS requests, so we need an ssl engine   
        SSLEngine On
    and a cipher suite plus certificate
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
        SSLProtocol all -SSLv2
    of course these entries have to be adopted
        SSLCertificateFile conf/certs/server.crt
        SSLCertificateKeyFile conf/certs/server.key
        SSLOptions +StdEnvVars
    this is for the bloody MS IE - I don't know why, but they seem to
    have trouble learning in redmond
        BrowserMatch ".MSIE." \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request.log \
              "%t %h %x %x \"%r\" %b"
    below are the proxied hosts - you always need ProxyPass
    AND ProxyPassReverse otherwise it will not work correctly
    ITS
        #ProxyPass /iac/               http://itsserver:8081/iac/
        #ProxyPassReverse /iac/          http://itsserver:8081/iac/
    direct portal connection              this ought to be the IP
        ProxyPass /irj/               http://10.8.1.14:50000/irj/
        ProxyPassReverse /irj/          http://10.8.1.14:50000/irj/
        ProxyPass /logon/               http://10.8.1.14:50000/logon/
        ProxyPassReverse /logon/          http://10.8.1.14:50000/logon/
    Rewrite Rule in case ICM puts session information in URL
    NEVER REALLY HARMS
        RewriteEngine On
        RewriteRule  ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]
        #ProxyPass /chooselogin/          http://10.8.9.0:50000/chooselogin/
        #ProxyPassReverse /chooselogin/     http://10.8.9.0:50000/chooselogin/
    </VirtualHost>

  • Apache Reverse proxy with SSL

    Hi,
    I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
    <b>What do I need to activate to support the HTTPS requests?</b>
    I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
    From Where can I get the mod_ssl.so?
    I saw that there are 2 projects:
    Apache Interface to OpenSSL (mod_ssl)
    Apache-SSL
    Do I need to use them in case I want to use HTTPs?
    Regards,
    Yael

    Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
    mine is as follows:
    ./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
    cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
    -so --enable-proxy-http --enable-proxy-connect --enable- headers
    then make and make install.
    hope it helps.
    Jai

  • Reverse Proxy with Sun Web Server 7 update 4

    Hi All,
    I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
    The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
    Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
    Both VS reverse proxies are congfigured exactly the same.
    Thanks,
    Stuart.

    well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
    here is a related article on how to use chunked encoding within web server 7
    http://developers.sun.com/webtier/reference/techart/chunked_req.html
    now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
    you can set log level to finest by running the following command
    /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
    /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
    http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
    (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
    thanks
    sriram

  • Apache reverse proxy and URL Iview

    Hi everybody,
    I'm trying to configure apache as reverse proxy to access my portal from extranet.
    The first problem I have is that I have to access a URL Iview that connect another internal application.
    ProxyPass /irj http://internaPortall/irj
    ProxyPassReverse /irj https://externalPortal/irj
    ProxyPass /irj http://internalApp/myApp
    ProxyPassReverse /irj https://externalApp/myApp
    In my portal the urlIview maps externalApp/myApp
    No problem to access my portal from extranet but I cannot get myApp.....
    Another point:
    I have configured SSL but if I try to connect
    https://externalPortal:8443/irj/
    apache redirects me to
    http://externalPortal/irj/
    Thanks a lot
    Massimiliano

    Hi,
    We are in a similiar situation. Can you please share the solution.
    Thanks...
    Vinay

  • Reverse Proxy with Firewall on Portal R2

    We are trying to configure Oracle Portal R2 in the reverse proxy mode. We have a Sun Enterprise 250 used in a single machine configuration. (Infr. and Mid tier on same machine)
    The webcache server is listening on server.company.com:7781
    The portal server is listening on server.company.com:7782
    The login server is listening on server.company.com:7780
    The proxy server is listening on www.company.com:81
    According to the Oracle Portal Config Guide we have followed the steps to configure Apache (inclusion of the virtual hosts, etc) and run the ptlasst script to reconfigure portal. While portal responds correctly on www.company.com:81 when i try to log on using the login link I get redirected to server.company.com:7780/...
    Obviously everything seems to be ok from within the LAN since i can see server.company.com, but via internet it doesnt work.
    Here is how we run the script:
    ./ptlasst.csh -mode MIDTIER -host www.company.com -port 81 -chost server.company.com -cport_i 4007 -i custom -c server.company.com:1521:iasdb -pwd xxxxxx
    How can we correct this problem? Do we need to run any other script?

    Hi Suraj,
    The following is the problem.
    We have Sun Enterprise 450 on which Oracle 9iAS Release 2 installed and we are trying to use reverse proxy plugin with iplanet, being installed on windows machine. In the hosts file i have mentioned the following required parameters ie.,
    oproxy.serverlist=ias1
    oproxy.ias1.hostname=http://192.168.1.12 - where Oracle 9iAS is installed
    oproxy.ias1.port=7779
    oproxy.ias1.urlrule=/*
    oproxy.ias1.alias=http://myoracleportal.peesh.com
    oproxy.ias1.stripcontext=false
    and whenever i restart iplanet server after this, here is the following log information.
    06/26/2002 11:57:52 AM: [op_nsapi_plugin.c (296)]: op_init: log_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/logs/oproxy.log server_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf
    06/26/2002 11:57:52 AM: [op_uri_map.c (128)]: Into op_uri_map_t::uri_map_alloc
    06/26/2002 11:57:52 AM: [op_uri_map.c (162)]: Into op_uri_map_t::uri_map_open
    06/26/2002 11:57:52 AM: [op_worker_list.c (37)]: op_worker_list_init: propfile=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf p=0x00DC8828 l=0x00DBDA70
    06/26/2002 11:57:52 AM: [op_worker_list.c (45)]: op_worker_list_init: numservers=1
    06/26/2002 11:57:52 AM: [op_worker_list.c (57)]: op_worker_list_init: inside loop, serverlist[0]=ias1
    06/26/2002 11:57:52 AM: [op_worker_list.c (73)]: op_worker_list_init: hostname=http://192.168.1.12
    06/26/2002 11:57:52 AM: [op_worker_list.c (82)]: op_worker_list_init: port=7779
    06/26/2002 11:57:53 AM: [op_uri_map.c (192)]: op_uri_map_t::uri_map_open, rule map size is 0
    06/26/2002 11:57:53 AM: [op_uri_map.c (325)]: op_uri_map_t::uri_map_open, done
    06/26/2002 11:57:53 AM: [op_nsapi_plugin.c (304)]: op_init: exiting
    I have a feeling that "oracle_proxy_nes.dll" maintains all the .conf file information in a stack, whose size is 0.
    pls see interpret this log the way you see.
    thanks in advance,
    gupta

  • System-wide Transparent Proxy With URL Patterns

    Internet censorship -where I live- has almost turned web unusable so  I decided to setup a transparent proxy using Tor for my home network.
    Since Tor is so slow -here- proxying all traffic through Tor would slow my connection to a crawl.  Therefore I need a mechanism to selectively proxy the traffic.
    I know a bit of 'iptables' and it looks to me like the solution to my problem.  However there's a trick.  As most of the websites I need to access through Tor (like Google+, Facebook and such) use several IP addresses for their entry points, it's almost impossible for me to add 'iptables' rules for all of those IP addresses.  I need a mechanism to proxy the traffic based on URL patterns.  For example I need to be able to proxy access to '*.facebook.com' through Tor.
    So the question boils down to:  how can I setup a system-wide transparent proxy using URL patterns?
    Any idea/hint is much appreciated.  TIA,
    Bahman
    Last edited by bahman (2012-01-04 07:48:44)

    Use privoxy with socks5 forwarding:
    http://www.privoxy.org/user-manual/config.html#SOCKS
    http://www.privoxy.org/user-manual/acti … F-PATTERNS

  • Sophos Firewall\Reverse Proxy With Lync 2013

    We currently have Lync 2013 deployed internally and working like a champ for about 5 months now. We are in the process of trying to get this rolled out externally and running into issues.
    It seems we have the ports opened up properly but the MS remote connectivity analyzer comes back with certificate error "The certificate couldn't be validated because SSL negotiation wasn't successful.
    I'm pretty certain our certificates are correct for the external edge server and the external firewall\Reverse proxy. From the Lync planning tool we have been following it and so far successful until the certificates. The certificates tool shows we should
    have the following certs assigned: (keep in mind we have 2 separate certificates assigned)
    Edge Server External
    Subject name: lyncaccess.domain.com
    SAN:webcon.domain.com and sip.domain.com
    Reverse Proxy:
    rp0100.domain.com (reverse proxy FQDN does resolve)
    SAN: dialin.domain.com, meet.domain.com, and temwac.domain.com (office web apps server)
    We requested the certificates from Go daddy and have them installed and the SANs are in there correct. The connectivity analyzer is able to get to our server using autodiscover over port 443, we see the traffic come in through the firewall and nothing is
    blocked just the certificate could not be validated.
    Has anyone deployed Lync using the Sophos UTM as a reverse Proxy any other ideas as to what we are missing with these certificates?
    The certificate couldn't be validated because SSL negotiation wasn't successful.
    The certificate couldn't be validated because SSL negotiation wasn't successful.

    lyncdiscover.domain.com does not resolve. Discovery is working fine through the connectivity analyzer. We actually figured that part out about the SSL. It seems we had the firewall and Reverse proxy rules in place on the Sophos appliance but the firewall
    rules leaving the edge server were being blocked. It took us about 1.5 days to figure that part out.
    The connectivity analyzer now is able to authenticate the certificates successfully. Of course it wouldn't be a Lync roll out without the next issue coming up.
    The next issue we have is the connectivity analyzer reaching the AV service. Which we are going to assume is a routing issue as well and are currently troubleshooting it:
    Couldn't sign in. Error: Error Message: The endpoint was unable to register. See the ErrorCode for specific reason..
    Error Type: RegisterException.
    Deregister Reason: None.
    Response Code: 504.
    Response Text: Server time-out.
    http://social.technet.microsoft.com/Forums/lync/en-US/f95c47cc-f8eb-4646-bdac-6c7244b26ff1/couldnt-sign-in-error-error-message-the-endpoint-was-unable-to-register-new-deployment?forum=ocsplanningdeployment
    Wish me luck.

  • Reverse Proxy with Coldfusion 8

    Has anyone set up Sun Java Web Server 7 to reverse proxy Coldfusion 8 (also running under SJWS7)? I can reverse proxy static HTML and SHTML content with SJWS7, but not Coldfusion content.
    Thanks in advance for any help, tips, etc.
    --Frank                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

    Thanks for replying, MV -- I've been out for a while -- sorry for the delay. Below are obj.conf and <vs> obj.conf:
    obj.conf
    # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # You can edit this file, but comments and formatting changes # might be lost when you use the administration GUI or CLI.
    <Object name="default">
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    NameTrans fn="ntrans-j2ee" name="j2ee"
    NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
    PathCheck fn="uri-clean"
    PathCheck fn="check-acl" acl="default"
    PathCheck fn="find-pathinfo"
    PathCheck fn="find-index-j2ee"
    PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
    ObjectType fn="type-j2ee"
    ObjectType fn="type-by-extension"
    ObjectType fn="force-type" type="text/plain"
    Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
    Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
    Service method="TRACE" fn="service-trace"
    Error fn="error-j2ee"
    AddLog fn="flex-log"
    </Object>
    <Object name="j2ee">
    Service fn="service-j2ee" method="*"
    </Object>
    <Object name="es-internal">
    PathCheck fn="check-acl" acl="es-internal"
    </Object>
    <Object name="cgi">
    ObjectType fn="force-type" type="magnus-internal/cgi"
    Service fn="send-cgi"
    </Object>
    <Object name="send-precompressed">
    PathCheck fn="find-compressed"
    </Object>
    <Object name="compress-on-demand">
    Output fn="insert-filter" filter="http-compression"
    </Object>
    wwwproxy-obj.conf
    # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # You can edit this file, but comments and formatting changes # might be lost when you use the administration GUI or CLI.
    <Object name="default">
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    NameTrans fn="ntrans-j2ee" name="j2ee"
    NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
    NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
    PathCheck fn="uri-clean"
    PathCheck fn="check-acl" acl="default"
    PathCheck fn="find-pathinfo"
    PathCheck fn="find-index-j2ee"
    PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
    ObjectType fn="type-j2ee"
    ObjectType fn="type-by-extension"
    ObjectType fn="force-type" type="text/plain"
    Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
    Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
    Service method="TRACE" fn="service-trace"
    Error fn="error-j2ee"
    AddLog fn="flex-log"
    </Object>
    <Object name="j2ee">
    Service fn="service-j2ee" method="*"
    </Object>
    <Object name="es-internal">
    PathCheck fn="check-acl" acl="es-internal"
    </Object>
    <Object name="cgi">
    ObjectType fn="force-type" type="magnus-internal/cgi"
    Service fn="send-cgi"
    </Object>
    <Object name="send-precompressed">
    PathCheck fn="find-compressed"
    </Object>
    <Object name="compress-on-demand">
    Output fn="insert-filter" filter="http-compression"
    </Object>
    <Object name="reverse-proxy-/">
    Route fn="set-origin-server" server="www.water.ca.gov"
    </Object>
    <Object ppath="http:*">
    Service fn="proxy-retrieve" method="*"
    </Object>

  • RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN

    Hi there,
    I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to it's AD requirements etc).
    What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
    Thanks,
    Paul.

    Hi Paul,
    It is generally considered more secure to have a reverse proxy in front of RDG.  I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP.  Whether
    or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies.  Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method
    to provide an extra layer of protection.
    -TP

Maybe you are looking for