Is Web Application Proxy enough as a secure Reverse Proxy/publishing solution

Similar Messages

• Can i setup a secure reverse proxy using sun one web proxy server and windows 2000?

  I've tried this on IPlanet Proxy 3.6 and, after reading the documentation, realized that SSL is not supported on the Windows platform. So I'm asking if it is supported using Sun One Web Proxy Server

  Hi,
  Yes, What you say is right.
  "The NT and Windows 2000 versions of iPlanet Web Proxy Server 3.6 do not support SSL".
  Sun One Web Proxy Server is as same as iPlanet webproxy server.
  May be in future relase of proxy server SSL will be supported in Win2000.
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)
  for hosting some of the public resource and reverse-proxying other parts
  of the URI namespace from other backend servers (content, application
  and other types of servers).
  So far every type of backend server served a unique part of the namespace
  and there was no collision of names, and the backend resources were
  published in a one-to-one manner. That is, a backend resource like, say,
  http://appserver:8080/content/page.html would be published in the internet
  as http://www.publicsite.com/content/page.html
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.
  Another quest, possibly related in solution, was to make a tidy url for the
  first page the user opens of the site. That is, in the current solution when
  a visitor types the url "www.publicsite.com" in his or her browser, our web
  server returns an HTTP-302 redirect to the actual first page URL, so the
  browser sends a second request (and changes the URL in its location bar).
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  So far I found that I can't solve these problems. I believe these problems
  share a solution because it relies on ability to control the actual URI strings
  requested by Sun Web Server from backend servers.
  Some details follow, now:
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
  trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
  fn="service-passthrough" rewrite-host="true" rewrite-location="true"
  servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
  returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
  # this causes /content/* to be taken from another (backend) server
  NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
  # this causes requests to site root to be HTTP-redirected to a certain page URI
  <If $uri =~ '^/$'>
      NameTrans fn="redirect"
          url="http://www.publicsite.com/content/MainPage.html"
  </If>
  <Object name="content-test">
  ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
  ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
      Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
      Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
  </Object>
  I have also tried "restart"ing the request like this:
      NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
      Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
  in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
  //Jim

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
  yes, you could do something like
  - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
  <Object name=¨default¨>
  <If $uri = ¨/page/¨>
  #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
  NameTrans.. fn=map
  </If
  </Object>
  and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
  finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
  <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
  http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
  >
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  please check out the rewrite / restart SAF. this should help you.
  http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
  pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  feel free to post to us if you need any futher help
  you are probably better off - starting fresh
  - install ws7u4
  - use gui or CLI to create a reverse proxy and map one on one - say content
  http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
  if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
  <install-root>/bin/wadm disable-java user=admin config=<hostname>
  <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
  >
  I have also tried "restart"ing the request like this:
  NameTrans fn="restart" uri="/data"
  ordering is very important here... you need to do this some thing like
  <Object name=default>
  <If not $restarted>
  NameTrans fn=restart uri from=/¨ uri=/foo.
  </If>

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>

• How to publish a sharepoint web application to internet for external users.

  Hi
  how to publish a share point site to internet,
  In test server : we branded a publishing enabled site and uploaded content and want to publish for internet users
  we have a production sharepont server,
  1) how to configure alternate access mappings in default zone,internet zone when we create new web application in prod share point server.
  adil

  For internet publishing ifyou want or need change the authentication method you need to EXTEND the website and enable the CLAIM authentication so the user can login using a HTML form for username and password.
  SharePoint make a url parsing to identify the content
  to display so you need to explain all the server name used for contacting the WebApplication. You can use 5 different name for the same server
  (AAM Alternate Access Mapping).
  N.B. http and https are different name (AAM Alternate Access Mapping)Lorenzo
  LSo Lorenzo Soncini Trento TN - Italy

• Secured connections for reverse proxy 4.0 possible?

  Hi,
  Is there any way to have a secure https to https connection while using Sun proxy server 4.0 as a reverse?
  I did the whole connect:// item with the 'connect://.*' defined in the routing table and just keep getting:
  "trying to GET /testdev/, deny-service reports: denying service of connect://testserver.***.com:481/testdev/"
  I tried defining it to https and get the "unable to find certificate".
  I am not showing the internal destination server ever receives any traffic from the reverse proxy, and the proxy logs seems to show it is blocking it all.
  So far coming in to the proxy server on an ssl https url and attempting to map it to another internal https server always fails.
  Mapping the same incoming https traffic to the same internal http server works fine (that is HTTP).
  So a client can hit our reverse proxy at HTTPS://reverseproxy.../testdev and get sent to an internal HTTP URL just fine.
  Doing the same thing to an internal HTTPS URL fails...
  Thanks much.

  The CONNECT is a method meant only for Proxies
  http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.9
  You might try searching for setting up secure reverse proxy in the docs.
  the method is to map using https->http & http->https in both sides.

• Cert auth with a SWS7 reverse-proxy in the way

  We are planning to try authenticating Access Manager 7.1 (Portal, Messaging Server) users with a certificate module so they don't have to enter usernames and passwords all the time.
  By architecture of the project, there are internal servers (actual AM, Portal, etc hosts in cluster config) in the internal LAN, and a Sun Web Server 7 in the DMZ acting as a load-balancer and reverse proxy which can filter some HTTP code if we need it to. This works okay for usual HTTP sessions.
  I have vague ideas how would this NOT break HTTPS sessions concerning the user cert auth module, but I have little to no practice with it.
  I would like to know whether we can offload SSL decoding to the Sun Web Server acting as a reverse proxy (with i.e. Niagara hardware for SSL acceleration) and pass/use the user's certificate information to an internal Access Manager host for user authentication, or are we stuck with TCP port-forwarding from internet straight to the internal hosts on the firewall or some hardware LB?
  Port-forwarding is not good because of security concerns, and in this case it seems we'd have to make several listening ports, one for each backend application, instead of publishing one standard 443 port on the rev-proxy...
  Perhaps there are ways to allow the Web Server to decode HTTPS handshake, determine the destination backend host, and pass the original HTTPS packets to it? Which server certificates would be in effect in such case, or should they be the same on front and backend hosts?
  Perhaps we should set up some AM component for the frontend hosts (I've seen keywords about Distributed Access Manager, but didn't research it yet)?
  Any other good ideas? :)

  Got the rever proxy to work.  Below are the field values in the reverse proxy setting that has worked:
  Reverse proxy name: <any name>
  Incoming http header host name: server1.domain..company.com (get it from the end-point in WSDL) 
  Incoming ICM port: port (get it from the end-point in WSDL)
  Substitute host name: server2.domain..company.com (has to be FQDN)
  Substitute http port: 80 (in my case)
  Substitute https port: (blank)
  Additional path prefix: (blank)
  Meta data protocol subsitution: http
  Endpoint protocol subsitution: http
  Status: active

• Redirecting all HTTP traffic to HTTPS that will reverse proxy specific URI

  -- Requirement --
  I have a Sun web server 6.1 SP4 that sits in a DMZ that must securely reverse proxy traffic to an internal application server listening on 443.
  The web server instance has two listen sockets, 80 and 443.
  The web server instance must accept traffic on port 80 but re-direct it to 443 so all subsequent traffic with the client happens over HTTPS.
  HTTPS traffic for "www.mydomain.com/myapp/" must be reverse proxied to the internal app server, "https://myapp.mydomain.com/myapp/".
  -- Current set-up --
  The server reverse proxies both HTTP and HTTPS traffic with the indicated URI.
  How can I constrain the reverse proxying to HTTPS traffic?
  Thanks for your help,
  Jez

  Thanks Chris that worked perfectly.
  Aside
  Before your solution I had (unsuccessfully) tried the following obj.conf directive
  <Client security="false">
  NameTrans fn="redirect" from="/" url-prefix="https://www.mydomain.com/"
  </Client>However, it didn't work - is it not possible to use the <Client security="false"> in this manner?

• Reverse Proxy Configuration - Apache as an SSL reverse-proxy

  Hi,
  We have EP 6.0 SP 14 installed with SSL configured.
  We are in need to open the application to internet.
  For the same we have set up a reverse proxy server (Apache as SSL
  Reverse Proxy).
  Our requirement is to open the application to the internet with
  web address https://abc.domain.com.
  The issue is we are able to access the application from internet only when
  https://abc.domain.com/irj/potal is typed.
  (ie.) Mapping is working fine for
  https://abc.domain.com/irj/portal to
  our EP Portal address https://abc2.domain.com:50001/irj/portal
  And not working for mapping https://abc.domain.com to our EP Portal
  address https://abc2.domain.com:50001/irj/portal
  We have been working on to resolve this issue for days together but have been really unsuccessful
  Kindly help us in resolving the same asap.
  Note : The references we used are:
  1. SAP's document:
  "Apache Reverse Proxy Configuration for J2ee 6.20 and 6.40 Web Applications"
  2. Weblogs:
  The Reverse Proxy Series -- Part 1: Introduction
  The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
  The Reverse Proxy Series -- Part 3.1: Apache as an SSL reverse-proxy
  Regards,
  venkat.

  Thanks much for the feedback. We're using the default settings on the HTTP rule we have set up for the portal on the ISA server. We'll be looking into the details of what the default rule settings are, however we did find a note in the Microsoft Knowledge base detailing with the ISA server screening high bits in URL strings for Outlook Web Access (OWA). This generates a similar error message. Here is the link to the detailed note on the Microsoft web site:
  http://support.microsoft.com/?scid=kb;en-us;837865
  Also,we are going to be applying the SP1 upgrade to the ISA server (released in March) to see if this might be some type of issue that may have been identified and corrected by the service pack. We'll see what happens with that.
  One area where we can recreate the problem at will is when we set up the system landscape configuration. We can navigate to a system configuration object, however when we attempt to right click to edit the object we get the error. There are other circumstances where we get errors but that is one that occurs for sure. Anyone have any idea as to what might be special about that type of transaction??
  Thanks again.
  Rich

• Direct calls within the oracle application server to the IIS using reverse

  trying to direct calls within the oracle application server to the IIS using reverse proxy. I am having problems...
  What is trying to be achieved is a call to the 3rd party web server (IIS with Oracle SSO plug-in) that will be invoked from the OAS.
  Any suggestions

  First you might get more response if you move your question to following forum:
  Oracle Application Server - General
  Second, I didn't quite understand your question. Can you pl. clarify it bit more? What exactly do you mean by invoking IIS from OAS (I am assuming by OAS you mean OC4J here)?
  Thanks
  Shail

• ISP redundancy and reverse proxy

  Greetings, community!
  We have two EDGE TMG servers and two INTERNAL TMG servers.
  We have two providers with two dedicated external IP addresses each.
  I configure ISP Redundancy for each EDGE TMG servers with parameters:
  Each EDGE TMG server has two External NIC and one Internal NIC. 
  EDGE 1: Provider1_IP1 and Provider2_IP1
  EDGE 2: Provider1_IP2 and Provider2_IP2
  ISP Connections:
  Provider1 and Provider2
  So, the trouble:
  We have some published Web-Services, like OWA, ActiveSync, TerminalGatewayServers and others.
  Also we made 4 external DNS records for each Web-Service.
  For example:
  mail.domain.com Provider1_IP1
  mail.domain.com Provider1_IP2
  mail.domain.com Provider2_IP1
  mail.domain.com Provider2_IP2
  If we try to connect from external to any published Web-Services, we have big delay (~ 30 sec), and then it connected.
  After some tests we find that ONLY ONE EDGE TMG server is used for reverce proxy. IP Addresses from EDGE 1 is unavailable from external access. But it still works as Web-Proxy from Internal connections. Reverse-Proxy works only for EDGE 2 IP Addresses.
  If we shutdown EDGE 2 TMG server, then Reverse-Proxy for EDGE 1 IP addresses are works correctly.
  Why all 4 my external IP addresses are not works for reverse-proxy? Only 2 from one of my EDGE servers.

  So, I still try to solve my problem...
  When I try to connect from External to one of my EDGE1 IP addresses, I got these logs:
  LOGS on DMZ server (EDGE1):
  Failed Connection Attempt DMZ-TMG-01 21.07.2014 11:27:40 
  Log type: Firewall service 
  Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
  Rule: Publish TMGBE HTTP 
  Source: External (77.73.111.194:3427) 
  Destination: Internal (172.16.0.100:80) 
  Protocol: HTTP Server 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 21000ms Original Client IP: 77.73.111.194 
  LOGS on INTERNAL server:
  Initiated Connection BLK-TMG-02 21.07.2014 11:27:20 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Source: External (77.73.111.194:3427) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194
  Closed Connection BLK-TMG-02 21.07.2014 11:27:40 
  Log type: Firewall service 
  Status: A connection was abortively closed after one of the peers sent an RST packet.  
  Source: External (77.73.111.194:3427) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 304 Number of bytes received: 192
  Processing time: 20281ms Original Client IP: 77.73.111.194
  When I try to connect my EDGE2 server external IP addresses, then:
  LOGS on DMZ server (EDGE2):
  Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Rule: Publish TMGBE HTTP 
  Source: External (77.73.111.194:3429) 
  Destination: Internal (172.16.0.100:80) 
  Protocol: HTTP Server 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194
  Closed Connection DMZ-TMG-02 21.07.2014 11:57:17 
  Log type: Firewall service 
  Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.  
  Rule: Publish TMGBE HTTP 
  Source: External (77.73.111.194:3429) 
  Destination: Internal (172.16.0.100:80) 
  Protocol: HTTP Server 
  Additional information 
  Number of bytes sent: 534 Number of bytes received: 146
  Processing time: 203ms Original Client IP: 77.73.111.194
  Then traffic was redirected to HTTPS:
  Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Rule: Publish TMGBE HTTPS 
  Source: External (77.73.111.194:3430) 
  Destination: Internal (172.16.0.100:443) 
  Protocol: HTTPS Server 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194
  LOGS on INTERNAL server:
  Failed Connection Attempt BLK-TMG-02 21.07.2014 11:57:17 
  Log type: Web Proxy (Reverse) 
  Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.  
  Rule: Publish OWA 
  Source: External (77.73.111.194:3429) 
  Destination: Local Host (172.16.0.100:80) 
  Request: GET http://mail.domain.com/ 
  Filter information: Req ID: 0a314138; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% 
  Protocol: http 
  User: anonymous 
  Additional information 
  Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  Object source: (No source information is available.)
  Cache info: 0x0
  Processing time: 1 MIME type:  
  It's OK, because IIS require SSL. Then:
  Initiated Connection BLK-TMG-02 21.07.2014 11:57:18 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Source: External (77.73.111.194:3429) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194 
  Closed Connection BLK-TMG-02 21.07.2014 11:57:18 
  Log type: Firewall service 
  Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.  
  Source: External (77.73.111.194:3429) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 786 Number of bytes received: 318
  Processing time: 15ms Original Client IP: 77.73.111.194
  And HTTPS:
  Allowed Connection BLK-TMG-02 21.07.2014 11:57:17 
  Log type: Web Proxy (Reverse) 
  Status: 302 Moved Temporarily 
  Rule: Publish OWA 
  Source: External (77.73.111.194:3430) 
  Destination: Local Host (10.1.200.129:443) 
  Request: GET http://mail.domain.com/ 
  Filter information: Req ID: 0a31413a; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% 
  Protocol: https 
  User: anonymous 
  Additional information 
  Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  Object source: Internet (Source is the Internet. Object was added to the cache.)
  Cache info: 0x40000000 (Response should not be cached.)
  Processing time: 1 MIME type: text/html; charset=UTF-8 
  I can't understand the difference between there servers. If I shutdown EDGE2, the Publishing will work fine through EDGE1.

• Reverse Proxy FTP server

  Now that TMG is end of life, I am setting up a new Web Application Proxy server to handle all of our reverse proxy duties. This has been fine except that it doesn't seem to be able to publish FTP. So I ask the Microsoft community, how am I supposed to
  reverse proxy an FTP server that's using FTPs? IIS ARR is not the solution. Thanks.

  Hi,
  Sorry to say that I only found that TMG/ISA or the IIS with ARR can be used as a reverse proxy for applications. Maybe some third-party reverse proxy server can
  achieve that.
  Best regards,
  Susie

• Something wrong with my SSL reverse proxy config.  HELP!

  Using Sun ONE Web Proxy Server 3.6-SP6
  1. Got Wildcard SSL Certificate from Verisign
  2. Ran sec-key
  made alias
  used password from Verisign
  3. Installed certificate
  Used "Trusted Certificate Authority (CA)"
  Pasted Cert in "Message Text (with headers)"
  4. Verified Certificate install in "Manage Certificates."
  5. Created regular and reverse mappings.
  When I try to turn on encryption, it says:
  Unable to read key file (9)
  What did I do wrong? I appreciate help from anyone.
  -ba

  What is the OS ?
  If it's Solaris, a truss will give you more details on the error.
  Verify the rights on your folder alias and all its contents.
  Can we have a more detailled error log file when you try to start the Proxy instance.
  Another remark :
  In the Admin Guide the scenario is called "Setting up a secure reverse proxy ".
  The problem is, that if the Webserver request for Client-Authentication
  within the SSL-Handshake the Proxy-Server has to present a cert signed as Client-Cert.
  Solution:
  - Proxy Server owner has own CA.
  Create CSR within Proxy Server and let the CSR be signed as Client Cert.
  - Proxy Server owner has not own CA.
  Choose a CA which allows to get client certs using CSR (e.g. tctrustcenter)
  Create CSR withing Proxy Server, at the common name use your name/Email=your.name@yourdomain
  Get the client cert at the CA using this CSR
  Import the cert into the Proxy Server.
  Create regular and reverse mappings
  e.g regular: http://test.content.org https://test.content.org
  reverse: https://test.content.org http://test.content.org
  Choose "initialize certificates only" at security settings for proxy instance.

• Change the redirect URL sent to reverse proxy

  Hi all,
  My system is composed of a reverse proxy(Apache 2.046) and a backend webserver (Oracle HTTP Server).
  To connect to a web application on the back end web server, the Internet user connect to reverse proxy via HTTPS and the reverse proxy forward the request to backend webserver via HTTP.
  Example :
  Internet user type :
  https://myreverseproxy/myWebApp
  The reverse proxy translate this to :
  http://mybackendserver/myWebApp
  The problem is myWebApp do a redirect like this:
  http://myreverseproxy/myWebApp/login.jsp
  How can I config the reverse proxy to change the redirect URL to :
  https://myreverseproxy/myWebApp/login.jsp
  Thank you in advance

  Hi Ove
      That is working fine.. Only thing i did is mapping node to /author . But is it possible to hit the author instance only wen i type http://localhost:4502/author . Ie: if I type http://localhost:4502 it should not resolve to my login page
  Thanks
  veena

• How to disable hostname verification on iplanet reverse proxy

  I am looking for a way to disable hostname verification of the application server url specified in teh reverse proxy setup.
  I am using the following setting in my Object definitions. It is failing due to the certificate CN is not matching the url I specified
  The error is :
  for host xx.yy.zz.ww trying to GET /uri/loginAction.do, service-http reports: HTTP7758: error sending request (SSL_ERROR_BAD_CERT_DOMAIN: Requested domain name does not match the server's certificate.)
  Route fn="set-origin-server" server="https://bbb.com:7002/" poll-timeout="20000" retries="2"
  My tomcat certificate CN has  aaa.com
  While I am using the tomcat on bbb.com.
  Is there any way to disable hostname verification on a reverproxy setup. I am unable to find any relevant documentation on this.
  The closest discussion I found was https://forums.oracle.com/thread/1943116 but it did not conclude anything.

  Found a solution from Oracle Knowledge base:
  This fixed our issue
  <Object name="reverse-proxy-/abc">
  ObjectType fn="ssl-client-config" validate-server-cert="false"
  Route fn="set-origin-server" server="https://server1.test.com:11011" server="https://server2.test.com:11011"
  </Object>