O-Portal behind reverse proxy, aliasing of o-portal url to generic url.
I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
Thanks,
Rainer
I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
John Z
Butler Mfg. Co.
[email protected]
Similar Messages
-
Reverse Proxy from Apache to portal to 2 different ITS Systems
We're using Apache 2 webserver and we've enabled reverse proxy from our proxy server to our Enterprise Portal 7.0. We have transaction iviews for different systems, an ECC 6.0 and CRM 5.0. We are using the integrated ITS for these systems provided with basis version 7.0. We have all the necessary ports open in the firewall. I know how to configure the proxy when there's only one ITS server, but how would I do it for two (the ECC and CRM system)?
We have integrated ITS. I am not sure I understand where you are going with globalr.srvc file. We have two systems that we want to hit from the portal via reverse proxy. One is the ECC system and the other CRM 5.0. In our portal we use the integrated ITS for each system:
ECC sytem:
http://ecc.system.com:8001/sap/bc/gui/its/sap/webgui
CRM sytem:
http://crm.system.com:8001/sap/bc/gui/its/sap/webgui
The issue is how would I map to both ITS from the Apache reverse proxy -
Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui
Dear Experts,
I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Have anyone implemented similar requirements and could advice on the configuration required on the Apache side? Thank youhi,
pls check the below links for reference:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
.2 )Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
Note:please reward points if solution found helpfull
Regards
Chandrakanth.k -
Hi,
My application works behind a reverse proxy which has polices for secure and unsecure areas of the application. Architecture and Infra team is not willing to allow any root level policies in any case
When report viewer control is rendered on the page, it is adding a reference to the http handler Reserved.ReportViewerWebControl.axd in the script tag and the URL is at the root level. Unfortunately like other AjaxControlToolkit web resources I cannot modify
the URL to refer to the local script using ScriptManager.
Do we have any other property / means by which I can get this altered.
It is so unfortunate that the Microsoft.ReportViewer.WebForms assembly resources like scripts etc are not exposed as webresource at the assembly level and there is no way to modify this.
Does anyone has any solution to this?
Appreciate your help
Thanks in advance
BadalHi Badal,
Thank you for your question.
I am trying to involve someone more familiar with this topic for a further look at this issue. Sometime delay might be expected from the job transferring. Your patience is greatly appreciated.
Thank you for your understanding and support.
Thanks,
Alisa Tang
If you have any feedback on our support, please click
here.
Alisa Tang
TechNet Community Support -
Unable to set session in Oracle Portal useing reverse proxy
I have deployed a reverse proxy (using Oracle HTTP Server) in front of a Oracle Portal Install (version 10.1.2.0.2). The steps followed to set this up came from the following documents:
Steps mentioned in Section 9.2 Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On for a reverse proxy on a Oracle HTTP Server.
http://download-west.oracle.com/docs/cd/B14099_15/core.1012/b13998/variants.htm#ASTED005
Also performed steps mentioned in -> Section 5.3.7 - Step 7: Enable Session Binding on OracleAS Web Cache of the Oracle® Application Server Portal Configuration Guide 10g Release 2 (10.1.2) -- B14037-03.
My current (example names shown only)setup details are as follows:
Reverse Proxy for SSO server (running on internal.oracle.com:7777): proxy.oracle.com:7777
Reverse Proxy for Portal server (running on internal.oracle.com:7778): proxy.oracle.com:7778
With the above steps completed, I can successfully use the http://proxy.oracle.com:7777/pls/orasso for login into SSO without any issues.
Users get authenticated successfully.
I can also use http://proxy.oracle.com:7778/pls/portal for viewing pages on the portal fine . All self referencing links have also been successfully modified to point to proxy.oracle.com:7778.
However, an attempt to login in the portal is not successful. Clicking on the 'Login' link successfully redirects to the SSO login page (http://proxy.oracle.com:7777/<login-page>). However, after successful authentication, the success page fails to show up and the user gets shown the initial login portal home page again.
There are no error messages shown on the screen.But it seems that user session is failing to be initiated/set correctly, as shown by the log file (in $PORTAL_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log ):
06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] Repository Gateway: LWUser: PUBLIC, Cookie: oracle.uix=0^^GMT+10:00;
portal=9.0.3+en-au+us+AUSTRALIA+22BC75924EEAD8A2E040007F010019F7+8DAC5E3559C95F5E0090A6F56FFA58192CB0F437CA57A9102A6394F1EB7FAB5DEE3BFA12C65
91C0C009B6......
06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] ERROR: Repository Gateway error: Database Error: ORA=20001 ORA-20001:
Unable to obtain session information from the cookie. Please close your browser and reconnect.
ORA-06512: at "PORTAL.WPG_SESSION", line 149
ORA-06512: at line 22
Any help with this will be appreciated.
Thanks.Hi Chris,
The begin of the expection stack gives you the reason:
06/11/03 09:13:59 java.sql.SQLException: The method 'setSavepoint' cant be called when a global transaction is active
The reason is, that either the whole global transaction must be commited or rollbacked.
I don't know your actual configuration, but between the methods begin() and commit()/rollback() of the UserTransaction instance, OC4J/OracleAS uses a global transaction (= XA transaction) in your configuration. The state of a global transactions is completely under the control of the application server and several restrictions must be considered. One of them is, that you can't use the method setSavePoint/. E.g. you can't also call the method setAutoCommit(true) in this state, or change the transaction isolation level via setTransactionIsolation(newLevel).
This is NOT a limitation of the OC4J/OracleAS but is true for ALL application servers.
P.S. I can successfully set savepoints and rollback to savepoints in weblogic 9.0This means, that WebLogic 9.0 doesn't use a global transaction in this case.
Because I don't know your configurations (Oracle and WebLogic) I can't say, why the behave different in this situation.
Best,
Manfred -
Reverse Proxy with Firewall on Portal R2
We are trying to configure Oracle Portal R2 in the reverse proxy mode. We have a Sun Enterprise 250 used in a single machine configuration. (Infr. and Mid tier on same machine)
The webcache server is listening on server.company.com:7781
The portal server is listening on server.company.com:7782
The login server is listening on server.company.com:7780
The proxy server is listening on www.company.com:81
According to the Oracle Portal Config Guide we have followed the steps to configure Apache (inclusion of the virtual hosts, etc) and run the ptlasst script to reconfigure portal. While portal responds correctly on www.company.com:81 when i try to log on using the login link I get redirected to server.company.com:7780/...
Obviously everything seems to be ok from within the LAN since i can see server.company.com, but via internet it doesnt work.
Here is how we run the script:
./ptlasst.csh -mode MIDTIER -host www.company.com -port 81 -chost server.company.com -cport_i 4007 -i custom -c server.company.com:1521:iasdb -pwd xxxxxx
How can we correct this problem? Do we need to run any other script?Hi Suraj,
The following is the problem.
We have Sun Enterprise 450 on which Oracle 9iAS Release 2 installed and we are trying to use reverse proxy plugin with iplanet, being installed on windows machine. In the hosts file i have mentioned the following required parameters ie.,
oproxy.serverlist=ias1
oproxy.ias1.hostname=http://192.168.1.12 - where Oracle 9iAS is installed
oproxy.ias1.port=7779
oproxy.ias1.urlrule=/*
oproxy.ias1.alias=http://myoracleportal.peesh.com
oproxy.ias1.stripcontext=false
and whenever i restart iplanet server after this, here is the following log information.
06/26/2002 11:57:52 AM: [op_nsapi_plugin.c (296)]: op_init: log_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/logs/oproxy.log server_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf
06/26/2002 11:57:52 AM: [op_uri_map.c (128)]: Into op_uri_map_t::uri_map_alloc
06/26/2002 11:57:52 AM: [op_uri_map.c (162)]: Into op_uri_map_t::uri_map_open
06/26/2002 11:57:52 AM: [op_worker_list.c (37)]: op_worker_list_init: propfile=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf p=0x00DC8828 l=0x00DBDA70
06/26/2002 11:57:52 AM: [op_worker_list.c (45)]: op_worker_list_init: numservers=1
06/26/2002 11:57:52 AM: [op_worker_list.c (57)]: op_worker_list_init: inside loop, serverlist[0]=ias1
06/26/2002 11:57:52 AM: [op_worker_list.c (73)]: op_worker_list_init: hostname=http://192.168.1.12
06/26/2002 11:57:52 AM: [op_worker_list.c (82)]: op_worker_list_init: port=7779
06/26/2002 11:57:53 AM: [op_uri_map.c (192)]: op_uri_map_t::uri_map_open, rule map size is 0
06/26/2002 11:57:53 AM: [op_uri_map.c (325)]: op_uri_map_t::uri_map_open, done
06/26/2002 11:57:53 AM: [op_nsapi_plugin.c (304)]: op_init: exiting
I have a feeling that "oracle_proxy_nes.dll" maintains all the .conf file information in a stack, whose size is 0.
pls see interpret this log the way you see.
thanks in advance,
gupta -
Cannot access the content producer portal via reverse proxy
Hi all,
I hope my post is in the right forum
We have an FPN environment using RRA with our EP (NW 7.0 SPS18) as the consumer and our BI portal (NW 7.0 SPS18) as the content producer. The consumer is registered with the producer using HTTP protocol. Everything works as expected.
We're trying to implement an Apache reverse proxy for our FPN with SSL termination so that we can access the portals from the Internet with HTTPS protocol while keeping HTTP protocol for the internal users.
Through the reverse proxy, we can access the consumer portal and we can access the producer portal directly without any problem. The only problem is that, if we logged onto the consumer via the reverse proxy, we cannot access the content from the producer. We'd get the browser security warning message
"Although this page is encrypted. The information you have entered will be sent over an unencrypted connection. ..."
When we hit the Continue button, we'd get the eror 404 Not Found - The request resource does not exist.
Our Unix admin tried both Apache and SAP Web Dispatcher but we couldn't get it to work properly. We went through a lot of blogs and documents and we are at our wits end. We would greatly appreciate if someone can point out where we should look at.
Thank you very much in advance.
DaoHi Kevin,
Unfortunately, our Unix admin thinks you missed the point because my question was not clear enough
We do not have problems with the "correct name" in the reverse proxy and our main SSL termination works fine.
It's just that the consumer is registered with the producer using HTTP protocol; as a result, the producer's URL link is 'hard-coded' to use HTTP protocol in the consumer portal since we are not using SSL in the internal network. Hence, we'd like to know if there's any way to change them to HTTPS for the Internet clients while keeping the HTTP protocol for the internal users.
I hope I made it clearer this time
Regards,
Dao -
Peoplesoft Portal with Reverse Proxy, content provider also need RP?
Hello there,
I need your help, I am currently implementing a PS Portal, I set my CRM as content provider, for safety reasons public access portal is configured using a reverse proxy (rp), my question is: Is there a different option to configure the CRM also with reverse proxy? as static content generated by CRM are then shown through the Website Portal (already rp),
Thanks and regards.
Alexander C.I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
John Z
Butler Mfg. Co.
[email protected] -
I have been trying to implement my portal with a reverse proxy as described in the whitepaper Oracle9iASPortal Configuration Options dated Dec 2000. It hasn't gone well. I did get it to work on a plain portal with no users or customizations but now when I try to set it up with a portal with minor configuration changes, it no longer works thru the reverse proxy. Has anyone had success using Oracle9iASPortal v 1.0.2.1 with a reverse proxy?
The 9.0.4 Portal Configuration Guide has a section about setting this up:
5.6 Configuring Reverse Proxy Servers
The 9.0.4 documentation library can be found on OTN:
http://www.oracle.com/technology/documentation/appserver10g.html -
ACE behind Reverse Proxy - performance issue
Hi,
I've got a config working to accommodate the required use of reverse proxy servers infront of my application servers. Traffic comes into the Front ACE and I insert a header "SRCIP" with the original client IP address which is preserved through the Rev Proxy servers and is then inspected on the Back ACE to create a sticky to a given application server/SRCIP pairing. The use of the RP's appears to require using the persistence-rebalance option otherwise the traffic get stuck to the wrong app server. The app functions perfectly with this config; however, there is a severe performance impact. Using load-runner, we see response times go from 1.5 seconds to 16 seconds for the same transactions comparing this config to a previous config which used static sticky to bind the RP to the app servers..
Question: Is there a better way to do this and remain dynamic, or some way to optimize this approach to reduce the performance impact.
Relevant Config for both ACE's here:
!!Front ACE
parameter-map type http HTTP_REBAL
persistence-rebalance
length-exceed continue
sticky ip-netmask 255.255.255.255 address source ALPHA-SRCIP-sticky
timeout 60
replicate sticky
serverfarm ALPHA
policy-map type loadbalance first-match vip-R1A-ALPHA
class class-default
sticky-serverfarm ALPHA-SRCIP-sticky
insert-http SRCIP header-value "%is"
policy-map multi-match PREP-VIP
class VIP-ALPHA-R1A
loadbalance vip inservice
loadbalance policy vip-R1A-ALPHA
appl-parameter http advanced-options HTTP_REBAL
ssl-proxy server SSL_ALPHA_R1A
!!Back ACE
parameter-map type http HTTP_REBAL
persistence-rebalance
length-exceed continue
sticky http-header SRCIP ALPHA-SRCIP-sticky
timeout 60
replicate sticky
serverfarm coresoms-ALPHAfarm
class-map type http loadbalance match-all SRCIP-MAP
2 match http header SRCIP header-value ".*"
policy-map type loadbalance first-match vip-lb-ALPHA
class SRCIP-MAP
sticky-serverfarm ALPHA-SRCIP-sticky
policy-map multi-match lb-vip
class VIP-ALPHA
loadbalance vip inservice
loadbalance policy vip-lb-ALPHA
appl-parameter http advanced-options HTTP_REBALHi Joseph,
To achieve this you need to do stickiness based on some L7 parameter (either the header you are currently using or some cookie), so, whatever you do you will have to use persistence rebalance.
I have one possible theory for your issue.
The ACE has two different ways of treating the L7 connections internally, that we call "proxied" and "unproxied". In essence, the proxied mode means that the traffic will be processed by one of the CPU (normally to inspect/modify the L7 data), while, on the unproxied mode, the ACE sets up a hardware shortcut that allows forwarding traffic without the need to do any processing on it.
For a L7 connection, the ACE will proxy it at the beginning, and, once all the L7 processing has been done it will unproxy the connection to save resources. Before it goes ahead with the unproxying, it needs to see the ACK for the last L7 data sent. This wait, on a Internet environment can introduce around 100-200ms of delay for each HTTP request, which can end up adding into a very big delay. By default, if the ACE sees that the RTT to the client is more than 200ms, the connection will never be unproxied to avoid these delays, so I think we could fix your issue by tweaking this threshold.
From what you described, I asssume you don't have many connections (because they all come through a proxy) and that the connections will have a lot of HTTP requests inside. With that in mind, I would suggest setting the threshold to 0 to ensure to keep connections always proxied. To do this, you would nee to configure a parameter map like the one below and add it to your VIP
parameter-map type connection
set tcp wan-optimization rtt 0
Even though this setting may avoid your issue, it also has some drawbacks. The main one is that the ACE20 only supports up to 512K simultaneous L7 connections in proxied state (which includes also the connections towards the servers, so, it would be 250K for client connections), so, if the amount of simultaneous connections reaches that limit, new connections would be dropped. The second issue, although not so impacting, would be that the maximum number of connections per second supported would also go down slightly due to the increased processing needed.
I hope this helps
Daniel -
Apache installation for reverse proxy in linux for portal
dear all,
can u please guide me where to download the openssl apache foe linux for the reverse proxy
regards
revanthGoogle is your friend...
It will take 15 seconds !
Regards,
Olivier -
Portal 10.1.2 with reverse proxy
Hi,
Does anybody configure Portal 10.1.2 working with reverse proxy behind the firewall?
I tried using generic docs and Metalink Notes 270160.1, 262451.1, unsuccessful.
I ended with SSO not starting at all.
Now i have fresh install without proxy and I am looking for some success reference.
Thanx
JiriWhat are you going to use for the Reverse Proxy?
1) Apache
2) Oracle Isapi IIS Plugin
3) Oracle HTTP Server
4) Webcache
I've been dealing with basically #1, #2 for the past month so I could have some info for you there. How is your MT's / Infra configured? same server, different servers? Will the proxy be in another server? Do you have webcache running?
I would suggest making sure it works internally first with the name that you want before putting the reverse proxy infront of it. I have 1 URL that works now both internally and externally though a reverse proxy.
It sounds like your having some SSO configuration related issues with your name. These are somewhat difficult to troubleshoot, so if needed open a TAR and Oracle Support can pretty quickly help you resolve those. -
Reverse Proxy and SLD on an Enterprise Portal 7.0
Hi
I need to configure SLD and Reverse Proxy on an Enterprise Portal Server.
How do i do this...
can you refer me to the applicable guides
Thanks
KalyanHello,
Thank you to interest to my problem.
Browser -
SSL----
> Firewall/DMZ (No SSL termination, all traffic forwarded to ISA Server). Yes but there is a port translation port 443 to 50201
Firewall/DMZ -
SSL----
> ISA Servrer -- (SSL Termination)--. IN fact it is noit the ssl terminaison. But from this point the url is modify to reach the host with EP7.0
ISA Server--SSL--
> EP7.0 (port 502010) When I test my configuration I have the Message web page not found. With a capture software i have verified that the request is sent to my EP 7.0( url2). But no logon page appeares. With the modification on line of the HTTP provider in the dispatcher, i have checked that the response contains the URL1 and the standard port. But none web page is displayed.
Thank you for your help.
Regards,
Julien -
How to Install Apache 2.x with ssl on solaris 8/9 for reverse proxy
Hi,
I need to install Apache 2.x on solaris , along with mod_ssl and openssl . I am not sure where to find the required version for solaris and also where to find openssl and mod_ssl for installation for 2.x.
I need this for configuring reverse proxy pointing to the Portal.Harish,
I think, I don't get your problem...
the files are available at http://www.apache.org (binaries and source)
http://www.artfiles.org/apache.org/httpd/binaries/solaris/
openssl at http://www.openssl.org
mod_ssl at http://www.modssl.org
kr, achim -
Hi folks,
I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.
I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.
And ny the way, the portal itself works perfectky when connected directly.
Kind regards,
Christian Guenther
Reverse proxy configuration ############################################
NameVirtualHost 172.30.210.96
<VirtualHost 172.30.210.96>
ServerAdmin [email protected]
ServerName host.external.de
SSL is turned off at the moment
SSLEngine Off
SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert
SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key
Set up as a proxy for internal SAP systems
ProxyRequests Off
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
IRJ
<Location /irj/>
ProxyPass http://host.internal.lan:8001/irj/
ProxyPassReverse http://host.internal.lan:8001/irj/
rewriting rules for proxy
RewriteEngine On
RewriteCond % \.jsp
RewriteRule ^(.+) % [P]
RewriteCond % \.servlet
RewriteRule ^(.+) %
Portal
rewriting rules for proxy
[P]
</Location>
<Location />
ProxyPass http://host.internal.lan:8001/
ProxyPassReverse http://host.internal.lan:8001/
RewriteEngine On
RewriteCond % \.jsp
RewriteRule ^(.+) % [P]
RewriteCond % \.servlet
RewriteRule ^(.+) % [P]
</Location>
</VirtualHost>This is a valid configuration for an Apache Reverse Proxy:
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot /usr/local/apache2
Listen 443
#LoadModule dir_module modules/mod_dir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule include_module modules/mod_include.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule access_module modules/mod_access.so
#LoadModule auth_module modules/mod_auth.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_module modules/mod_mime.so
#LoadModule env_module modules/mod_env.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule setenvif_module modules/mod_setenvif.so
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin [email protected]
ServerName your.servername.com
UseCanonicalName Off
make sure zou include these with valid entries...
Include conf/log.conf
Include conf/mime.conf
Include conf/default.conf
Include conf/ssl.conf
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
this is for the MS IE SSL bug
BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#
force-response-1.0
Header add P3P CP="NOI"
Proxy with caching
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
CacheRoot /usr/local/apache2/Cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
<VirtualHost *:443>
ServerName your.servername.com
ServerAdmin [email protected]
Set the level of log entries - debug produces A LOT of messages
LogLevel debug
ErrorLog logs\error.log
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs\access.log common
NEVER turn this On, it would create a forward proxy
ProxyRequests Off
ProxyPreserveHost On
it is important that the proxy uses active protocol used in the
internet section of the request
RequestHeader set ClientProtocol https
Header add P3P CP="NOI"
we need to answer HTTPS requests, so we need an ssl engine
SSLEngine On
and a cipher suite plus certificate
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
SSLProtocol all -SSLv2
of course these entries have to be adopted
SSLCertificateFile conf/certs/server.crt
SSLCertificateKeyFile conf/certs/server.key
SSLOptions +StdEnvVars
this is for the bloody MS IE - I don't know why, but they seem to
have trouble learning in redmond
BrowserMatch ".MSIE." \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request.log \
"%t %h %x %x \"%r\" %b"
below are the proxied hosts - you always need ProxyPass
AND ProxyPassReverse otherwise it will not work correctly
ITS
#ProxyPass /iac/ http://itsserver:8081/iac/
#ProxyPassReverse /iac/ http://itsserver:8081/iac/
direct portal connection this ought to be the IP
ProxyPass /irj/ http://10.8.1.14:50000/irj/
ProxyPassReverse /irj/ http://10.8.1.14:50000/irj/
ProxyPass /logon/ http://10.8.1.14:50000/logon/
ProxyPassReverse /logon/ http://10.8.1.14:50000/logon/
Rewrite Rule in case ICM puts session information in URL
NEVER REALLY HARMS
RewriteEngine On
RewriteRule ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]
#ProxyPass /chooselogin/ http://10.8.9.0:50000/chooselogin/
#ProxyPassReverse /chooselogin/ http://10.8.9.0:50000/chooselogin/
</VirtualHost>
Maybe you are looking for
-
This is the first time I get hacked this bad. I was working on a microsoft word document when the computer suddenly started typing meaningful sentences on its own that describes how skillfull the hacker is. At the that time I was on a friends wifi ne
-
Sub item not appearing in consolidation.
Hi Experts, We have an isse in consolidation. We have maintained few P&L GL accounts and have done some depreciation postings. How ever when we have checked in consolidation FS item is updating but sub item is(cost center) which is not updting. How c
-
SQL Server Failover Cluster Questions
Dear All, I am building a two-node failover cluster on SQL Server 2012 SP1 (inside Hyper-V as a Guest Cluster) and want clarification on few things that I am facing. 1. I am receiving MSDTC Warning. I can go ahead and create the cluster
-
Unable to Update to Nokia Belle - E7-00
hii.. I m not able to update my nokia e7 with nokia belle.. Moderator's Note: The subject was amended as we have created a new thread for this topic and moved it to the more appropriate board.
-
Installing and Running Air application from webpage
Hello , I am trying to run the air application from web page and its working fine in my system. (http://localhost:8080/examples/test1.html) if i try to run the same air application from another system's webpage by pointing the url to my system's IP A