Released :: Reverse Proxy Plug-in 1.0.2

We are delighted to announce that Reverse Proxy Plug-in 1.0.2 is released for Sun Java System WebServer 6.1 SP11. It can be publicly downloaded at:
[https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJWS-6.1SP11-RPAddOn1.0.2-G-F@CDS-CDS_SMI]
The Release Notes are here: [http://docs.sun.com/app/docs/doc/820-7660]
This new RPP release addresses couple of bugs, that includes one RPP related bug fixed in the base WS6.1SP11.
All RPP Plug-in users (RPP1.0 & RPP1.0.1) are encourage to upgrade to RPP1.0.2 & WS6.1SP11.
Thank you to the entire product team for another great release!
On Behalf of WS Team!
============== WS6.1 SP11 Release =====================
We are delighted to announce that Web Server 6.1 SP11 has been released. It can be publicly downloaded at:
[https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJWS-6.1-SP11-OTH-G-F@CDS-CDS_SMI]
The Release Notes are here: [http://docs.sun.com/app/docs/doc/820-7659]
This service pack addresses around 15-bugs, which are mostly customer escalated issues. All users of Web Server 6.1 through Web Server 6.1 SP10 are encourage to upgrade.
Thank you to the entire product team for another great release!
On Behalf of WS Team!

Similar Messages

Reverse Proxy plug in and Load Balancer Plug in

Hi,
Can anyone please provide me with an example obj.conf file showing how to combine the reverse proxy plug-in and Load Balancer plug-in.
I would like to use the reverse proxy plug in to detect when static content is requested and provide this from the web server. Requests for dynamic content would then be forwarded to an Application server via the Load balancer plug-in. I have found plenty of documentation on how to configure these plug-in separately but nothing on how to combine the two.

smiking
reverse proxy plugin - its job is to forward the requests to another server for a specific task. you can use the webserver 7 . it does forward and limited load balancing (using round robin ) based on the number of servers you provide in the configuration. i would say this is a poor man's setup.
load balancer plugin - some app servers like sun java system app server or web logic provide this plugin so that you can effectively use the back end app server
with both these setup, you can <if> constructs to determine which requests need to be forwarded to the back end server.
I wonder, why do you need both - if both of them is designed to do the same thing.

Load Balancing with Reverse Proxy Plug-in in SunOne 6.1

Hello
we are configuring our reverse proxy web server SunOn 6.1 for load balancing and we have some conflicting information that we have found on the internet. The options we have found are the following:
1- In one case, it seems that all we need to do is add the destination servers to the servers parameter (quoted, space-delimited). We have read that the proxy server will simply round-robin requests.
2- In another case, we have seen that we have to use an loadbalancer.xml file with the server names and reference the file from both magnus.conf and obj.conf.
I have doubts about the second option because I really think this is configuration in 7.0 not 6.1.
Also, I also need to configure session stickiness but it is not clear how this works. There is an option for sticky cookies that defaults to JSESSIONID if not configured. Does this mean that I will have session stickiness but simply without the use of cookies?
ANY HELP? We need to solve this in the next day.

HI,
This may work for you.
obj.conf
<Object name="passthrough1">
Service fn="service-passthrough" servers="http://localhost:8080"
</Object>
<Object name="default">
AuthTrans fn="match-browser" browser="MSIE" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/idm(|/*)" name="passthrough1"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="D:/Sun/WebServer6.1/ns-icons" name="es-internal"
NameTrans fn="document-root" root="$docroot"
PathCheck fn="nt-uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="intro.htm,index.html,home.html,index.jsp"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="~magnus-internal/" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log" name="access"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
============================================
magnus.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot D:/Sun/WebServer6.1
ServerName abc
ServerID https-www.abc.com
RqThrottle 128
DNS off
Security off
ExtraPath D:/Sun/WebServer6.1/bin/https/bin
Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/bin/https/bin/j2eeplugin.dll" shlib_flags="(global|now)"
Init fn="load-modules" shlib="D:/Sun/WebServer6.1/plugins/passthrough/passthrough.dll"

Sun Web server 6.1 SP9 Reverse proxy - Changing Web Server Context

I am trying to configure a Reverse Proxy such that it can change the context of the requested URL.
My SOWS reverse proxy plug-in is running on server server1.sample.com and the destination server is running on server2.sample.com. The use case, the incoming URL is [|http://server1.sample.com/dummy1/]...... and I need to map this to {color:#0000ff}http://server2.sample.com/*dummy2*/.....;{color} It looks like the reverse proxy only maps to a server level but disregards the context. The reason I say that, in the server 2 logs I see - .... trying to GET /dummy1....; I needed the call to look for dummy2 context. Can this be done?

well, web server uri processing does not understand web application level context (in terms of java web applications). however, if you would like to map all uri's ending with /dummy1 to go to /dummy2, then you can easily do this with web server 7 regular express processing
http://blogs.sun.com/elving/entry/mass_virtual_hosting_in_7
http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
besides web server 7 includes a very tightly integrated reverse proxy unlike 6.1 where you need reverse proxy as a separate plugin. so, you might want to check out if ws7 can serve your needs
- sriram

Sun One Application Server 7 SSL Reverse Proxy Setup?

Hi,
I've made a similiar post on the Web Server forum,
http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
I've noticed there's a reverse proxy plug in setup for Web Server,
as well as a AddOn package for Application Server.
I've so far successfully installed the reverse proxy plugin for
the Web Server and it manage to passthrough the jsp contents
to the Application Server.
There's a file in our application server, Step2Cert.jsp in the
appserver that requires to be viewed/accessed in https mode
and I'm guessing the Web Server to Application Server communication
should be in https?
Anywhere I can find references on how this can be done?
My two references:
Web Server Reverse Proxy Plug-in
http://docs.sun.com/source/819-0902-05/rpp61.html
Web Server and Application Server setup for passthrough
http://docs.sun.com/source/819-2783/agplugin.html
I've not installed the AddOn package for the Appserver yet. But
I figured I should, right? I'm rather confused about the two
package.
Thanks,
Mac.

Hi,
I've made a similiar post on the Web Server forum,
http://forum.sun.com/jive/thread.jspa?threadID=95666&tstart=0
I've noticed there's a reverse proxy plug in setup for Web Server,
as well as a AddOn package for Application Server.
I've so far successfully installed the reverse proxy plugin for
the Web Server and it manage to passthrough the jsp contents
to the Application Server.
There's a file in our application server, Step2Cert.jsp in the
appserver that requires to be viewed/accessed in https mode
and I'm guessing the Web Server to Application Server communication
should be in https?
Anywhere I can find references on how this can be done?
My two references:
Web Server Reverse Proxy Plug-in
http://docs.sun.com/source/819-0902-05/rpp61.html
Web Server and Application Server setup for passthrough
http://docs.sun.com/source/819-2783/agplugin.html
I've not installed the AddOn package for the Appserver yet. But
I figured I should, right? I'm rather confused about the two
package.
Thanks,
Mac.

Sun One 6.1 reverse proxy with multiple certs

We are using Sun One Web Server 6.1sp6 as a reverse proxy without the passthrough plugin. We also have multiple certs and not a global cert and what we are seeing is the data getting "staged" on the web server before moving on to the destination (which obviously halves throughput). Some research tells us that this staging is happening because it needs to re-encrypt the packets for the next cert.
Is there any way besides having a global cert that we can get around this? Would using the passthrough plugin help?
Thanks,
Don

The thing is that it apparently doesn't do it on the fly, which is why I was wondering if the passthrough plug in would help. In other words, if I am sending a 10mb file through to the destination server (there's a weblogic server on the back end with a different cert that I want to do the real processing), the web server waits until it gets all 10mb then resends it. Seems it should do the encrypt/decrypt on a packet level to me.
As far as the config, I didn't set it up, I'm just trying to get it to work :)
Here are the configs, if it would help. If there's something set up wrong here, please feel free to point it out!
Thanks,
Don
magnus.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot /iplanet/servers
ServerName rpserver.testdomain.com
ServerID https-rpserver.testdomain.com
RqThrottle 256
DNS off
Security on
PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
User iplanet1
StackSize 131072
TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
PostThreadsEarly off
KernelThreads off
ChunkedRequestBufferSize 0
LogVerbose on
LogVsId off
AsyncDNS off
KeepAliveTimeout 10
UseNativePoll on
Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
Init fn="wl_init"
Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
Init fn="stats-init" profiling="on"
obj.conf
# The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
# They will not be supported in future releases of the Web Server.
NetsiteRoot /iplanet/servers
ServerName rpserver.testdomain.com
ServerID https-rpserver.testdomain.com
RqThrottle 256
DNS off
Security on
PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
User iplanet1
StackSize 131072
TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
PostThreadsEarly off
KernelThreads off
ChunkedRequestBufferSize 0
LogVerbose on
LogVsId off
AsyncDNS off
KeepAliveTimeout 10
UseNativePoll on
Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
Init fn="wl_init"
Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
Init fn="stats-init" profiling="on"
server.xml
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///iplanet/servers/bin/https/dtds/sun-web-server_6_1.dtd">
<SERVER qosactive="false">
<PROPERTY name="docroot" value="/iplanet/servers/docs"/>
<PROPERTY name="accesslog" value="/iplanet/servers/https-rpserver.testdomain.com/logs/access"/>
<PROPERTY name="user" value=""/>
<PROPERTY name="group" value=""/>
<PROPERTY name="chroot" value=""/>
<PROPERTY name="dir" value=""/>
<PROPERTY name="nice" value=""/>
<LS id="ls1" port="443" servername="rpserver.testdomain.com" defaultvs="https-rpserver.testdomain.com" security="on" ip="any" blocking="false" acceptorthreads="2">
<SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="-rc4,-rc4export,-rc2,-rc2export,-desede3,-des" ssl3="on" tls="on" ssl3tlsciphers="-rsa_rc4_128_sha,+rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,+rsa_3des_sha,+rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,-rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,+fips_3des_sha,-fips_des_sha" tlsrollback="on" clientauth="off"/>
</LS>
<MIME id="mime1" file="mime.types"/>
<ACLFILE id="acl1" file="/iplanet/servers/httpacl/generated.https-rpserver.testdomain.com.acl"/>
<VSCLASS id="vsclass1" objectfile="obj.conf" rootobject="default" acceptlanguage="false">
<VS id="https-rpserver.testdomain.com" connections="ls1" mime="mime1" aclids="acl1" urlhosts="rpserver.testdomain.com" state="on">
<PROPERTY name="docroot" value="/iplanet/servers/docs"/>
<USERDB id="default"/>
<SEARCH>
<WEBAPP uri="/search" path="/iplanet/servers/bin/https/webapps/search" enabled="true"/>
</SEARCH>
</VS>
</VSCLASS>
<JAVA javahome="/iplanet/servers/bin/https/jdk" serverclasspath="/iplanet/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/iplanet/servers/bin/https/jar/webserv-ext.jar:/iplanet/servers/bin/https/jar/webserv-jstl.jar:/iplanet/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" nativelibrarypathprefix="" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" dynamicreloadinterval="-1">
<JVMOPTIONS>-Djava.security.auth.login.config=/iplanet/servers/https-rpserver.testdomain.com/config/login.conf</JVMOPTIONS>
<JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
<JVMOPTIONS>-Xmx256m</JVMOPTIONS>
<SECURITY defaultrealm="native" anonymousrole="ANYONE" audit="false">
<AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
<PROPERTY name="file" value="/iplanet/servers/https-rpserver.testdomain.com/config/keyfile"/>
<PROPERTY name="jaas-context" value="fileRealm"/>
</AUTHREALM>
<AUTHREALM name="native" classname="com.iplanet.ias.security.auth.realm.webcore.NativeRealm">
<PROPERTY name="jaas-context" value="nativeRealm"/>
</AUTHREALM>
<AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<PROPERTY name="directory" value="ldap://localhost:389"/>
<PROPERTY name="base-dn" value="o=isp"/>
<PROPERTY name="jaas-context" value="ldapRealm"/>
</AUTHREALM>
</SECURITY>
<RESOURCES/>
</JAVA>
<LOG file="/iplanet/servers/https-rpserver.testdomain.com/logs/errors" loglevel="info" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
</SERVER>

Lync Reverse Proxy Alternatives

When migrating from OCS 2007 to Lync 2010, we balked Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services.
TMG is way too expensive and complex for such a limited, simple use case.
I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
We decided to use Apache 2.2 on Windows Server 2008 R2.
Here's how we configured it:
Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy.
http://technet.microsoft.com/en-us/library/gg398069.aspx
Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server.
http://httpd.apache.org/download.cgi
We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
Use the Certificates MMC on your front end server to export the certificate and include the private key.
Transfer the resultant .pfx file to your reverse proxy server.
Use OpenSSL to convert your .pfx file to PEM:
openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem –nodes
Separate the private key from the certificate using notepad:
Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag.
Save that text to a new file named
yourcert.key.
Save
yourcert.pem, which should now only include the certificate.
Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl
for storing the certificates.
Edit httpd.conf (typically in
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
(See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
for more information on each directive)
Uncomment the following lines, which will enable proxy and SSL:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Add the following lines to configure reverse proxy behavior:
#Be a reverse proxy, not a forward proxy
ProxyRequests Off
#Accept requests from any client to any URL
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
#Set the network buffer to improve throughput
ProxyReceiveBufferSize 4096
#Configure the Reverse Proxy to forward all requests to your front end server on 4443
ProxyPass / https://yourfrontend.domain.com:4443/
ProxyPassReverse / https://yourfrontend.domain.com:4443/
#Preserve Host Headers for Lync
ProxyPreserveHost On
Optionally, configure logging directives, bindings and server name.
Save and close httpd.conf
Edit httpd-ssl.conf (typically in conf\extra):
Configure the session cache:
Uncomment:
SSLSessionCache “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”
Comment out:
SSLSessionCache “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
Locate the <VirtualHost _default_:443> tag and configure the following:
Add the following directive:
SSLProxyEngine On
Configure the path to your SSL Certificate saved in step 3-5 above:
SSLCertificateFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem”
Configure the path to your private key saved in step 3-5 above:
SSLCertificateKeyFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key”
Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
Optionally, configure logging directives.
Save and close httpd-ssl.conf
Restart the Apache2.2 service
Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of
the reverse proxy to talk to the front end Lync server on 8080 and 4443.
From an external connection, test connectivity through the reverse proxy:
Test
https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
Test the Lync Web App by setting up an online meeting and following the URL to join the meeting.
You can force the use of the web app by appending ?sl= to the end of the meet.company.com link.
See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
Hope this information is helpful and saves some of you some money and trouble.
Please contact me if you need further clarification or see any mistakes in my notes.
Best regards,
Kenneth Walden
Enterprise Systems Supervisor
GSD&M
Austin, TX

I'd like to thank you for this article. We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product. Anyways, your
blog saved me a LOT of headache. I owe you big time.
AWESOME JOB.
-Greg
*****EDIT***
Decided to come back in there and post good information. We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting. The "DIALUP" url was working fine but the "MEETING" url was broken. On our WFE servers we were getting
the event error as below. Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON". Once we put that in there ALL was good.
Notice that the MEET portion was the only thing that was really broken. So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but you're RP is sending the wrong HEADER. Look for
http://10.x.x.x/meet/ or soemthing in the event logs.
Log Name: Application
Source: ASP.NET 2.0.50727.0
Date: 11/16/2011 1:26:35 PM
Event ID: 1309
Task Category: Web Event
Level: Warning
Keywords: Classic
User: N/A
Computer: OneofMyInternalWFEservers.local
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/16/2011 1:26:35 PM
Event time (UTC): 11/16/2011 6:26:35 PM
Event ID: b2039ecd0a62482284030f62e1e639d8
Event sequence: 129
Event occurrence: 28
Event detail code: 0
Application information:
 Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
 Trust level: Full
 Application Virtual Path: /meet
 Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
 Machine name: MYWFE.local
Process information:
 Process ID: 14204
 Process name: w3wp.exe
 Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
 Exception type: HttpException
 Exception message: Server cannot append header after HTTP headers have been sent.
Request information:
 Request URL:
https://FQDN:4443/meet/MyName/456456
 User host address: gatewayIP
 User:
 Is authenticated: False
 Authentication Type:
 Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
 Thread ID: 7
 Thread account name: NT AUTHORITY\NETWORK SERVICE
 Is impersonating: False
 Stack trace: at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
 at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
 at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
 <Provider Name="ASP.NET 2.0.50727.0" />
 <EventID Qualifiers="32768">1309</EventID>
 <Level>3</Level>
 <Task>3</Task>
 <Keywords>0x80000000000000</Keywords>
 <TimeCreated SystemTime="2011-11-16T18:26:35.000000000Z" />
 <EventRecordID>4483</EventRecordID>
 <Channel>Application</Channel>
 <Computer>XXXXXXXXXXXXXXXXXX</Computer>
 <Security />
</System>
<EventData>
 <Data>3005</Data>
 <Data>An unhandled exception has occurred.</Data>
 <Data>11/16/2011 1:26:35 PM</Data>
 <Data>11/16/2011 6:26:35 PM</Data>
 <Data>b2039ecd0a62482284030f62e1e639d8</Data>
 <Data>129</Data>
 <Data>28</Data>
 <Data>0</Data>
 <Data>/LM/W3SVC/34578/ROOT/meet-1-129658725547585993</Data>
 <Data>Full</Data>
 <Data>/meet</Data>
 <Data>C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\</Data>
 <Data>SNKXS300</Data>
 <Data>
 </Data>
 <Data>14204</Data>
 <Data>w3wp.exe</Data>
 <Data>NT AUTHORITY\NETWORK SERVICE</Data>
 <Data>HttpException</Data>
 <Data>Server cannot append header after HTTP headers have been sent.</Data>
 <Data>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
 <Data>/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
 <Data>10.71.1.1</Data>
 <Data>
 </Data>
 <Data>False</Data>
 <Data>
 </Data>
 <Data>NT AUTHORITY\NETWORK SERVICE</Data>
 <Data>7</Data>
 <Data>NT AUTHORITY\NETWORK SERVICE</Data>
 <Data>False</Data>
 <Data> at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
 at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
 at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
</Data>
</EventData>
</Event>

Reverse Proxy with Sun Web Server 7 update 4

Hi All,
I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
Both VS reverse proxies are congfigured exactly the same.
Thanks,
Stuart.

well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
here is a related article on how to use chunked encoding within web server 7
http://developers.sun.com/webtier/reference/techart/chunked_req.html
now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
you can set log level to finest by running the following command
/sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
/sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
(once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
thanks
sriram

What is the alternative to TMG/ISA For SSL-Bridging-Capable Reverse Proxy For System Center 2012 R2 IBCM?

When I look up alternatives to TMG many other answers say something like "Don't worry about it. TMG 2010 is under support until 2020."
Well, we don't have TMG and can't buy it since it is off the market. Can it still be legitimately purchased through any resellers?
We need a reverse proxy that specifically supports SSL-Bridging so that device certificate authentication is not broken when the connection passes through the proxy.
Which reverse proxies that are currently on the market are known to work successfully with System Center Config Manager Internet-Based Client Management and also with other Microsoft products such as Lync 2010 and RD Gateway 2012 R2?
Do any Cisco ASA or ACE models support the required functionality for machine certificate authentication?
We have ISA 2006 licenses available, but I would hate to roll that out and then have to replace it in only 2 years rather than using something that can stay in place long term. Maybe we could use ISA 2006 temporarily as a stopgap if the next version
released of Windows Server Web Application Proxy would meet the requirements and can be deployed in production before ISA 2006 is completely EOL.
I hate that Microsoft keeps discontinuing all the related products to this before they have their replacements ready.

Hi,
You are correct, all TMG product sales officially ended in December 2012.
In addition, an ISA Server and a TS Gateway server can be used together to enhance security for remote connections to internal network resources. However, it
seems that ISA 2006 cannot support that on Windows Server 2012 R2. For more detailed information:
Configuring the TS Gateway ISA Server Scenario
Personally, Web application proxy would be an alternate. In addition, for the question related to Cisco product, you can contact Cisco for assistance.
Best regards,
Susie

Unable to set session in Oracle Portal useing reverse proxy

I have deployed a reverse proxy (using Oracle HTTP Server) in front of a Oracle Portal Install (version 10.1.2.0.2). The steps followed to set this up came from the following documents:
Steps mentioned in Section 9.2 Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On for a reverse proxy on a Oracle HTTP Server.
http://download-west.oracle.com/docs/cd/B14099_15/core.1012/b13998/variants.htm#ASTED005
Also performed steps mentioned in -> Section 5.3.7 - Step 7: Enable Session Binding on OracleAS Web Cache of the Oracle® Application Server Portal Configuration Guide 10g Release 2 (10.1.2) -- B14037-03.
My current (example names shown only)setup details are as follows:
Reverse Proxy for SSO server (running on internal.oracle.com:7777): proxy.oracle.com:7777
Reverse Proxy for Portal server (running on internal.oracle.com:7778): proxy.oracle.com:7778
With the above steps completed, I can successfully use the http://proxy.oracle.com:7777/pls/orasso for login into SSO without any issues.
Users get authenticated successfully.
I can also use http://proxy.oracle.com:7778/pls/portal for viewing pages on the portal fine . All self referencing links have also been successfully modified to point to proxy.oracle.com:7778.
However, an attempt to login in the portal is not successful. Clicking on the 'Login' link successfully redirects to the SSO login page (http://proxy.oracle.com:7777/<login-page>). However, after successful authentication, the success page fails to show up and the user gets shown the initial login portal home page again.
There are no error messages shown on the screen.But it seems that user session is failing to be initiated/set correctly, as shown by the log file (in $PORTAL_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log ):
06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] Repository Gateway: LWUser: PUBLIC, Cookie: oracle.uix=0^^GMT+10:00;
portal=9.0.3+en-au+us+AUSTRALIA+22BC75924EEAD8A2E040007F010019F7+8DAC5E3559C95F5E0090A6F56FFA58192CB0F437CA57A9102A6394F1EB7FAB5DEE3BFA12C65
91C0C009B6......
06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] ERROR: Repository Gateway error: Database Error: ORA=20001 ORA-20001:
Unable to obtain session information from the cookie. Please close your browser and reconnect.
ORA-06512: at "PORTAL.WPG_SESSION", line 149
ORA-06512: at line 22
Any help with this will be appreciated.
Thanks.

Hi Chris,
The begin of the expection stack gives you the reason:
06/11/03 09:13:59 java.sql.SQLException: The method 'setSavepoint' cant be called when a global transaction is active
The reason is, that either the whole global transaction must be commited or rollbacked.
I don't know your actual configuration, but between the methods begin() and commit()/rollback() of the UserTransaction instance, OC4J/OracleAS uses a global transaction (= XA transaction) in your configuration. The state of a global transactions is completely under the control of the application server and several restrictions must be considered. One of them is, that you can't use the method setSavePoint/. E.g. you can't also call the method setAutoCommit(true) in this state, or change the transaction isolation level via setTransactionIsolation(newLevel).
This is NOT a limitation of the OC4J/OracleAS but is true for ALL application servers.
P.S. I can successfully set savepoints and rollback to savepoints in weblogic 9.0This means, that WebLogic 9.0 doesn't use a global transaction in this case.
Because I don't know your configurations (Oracle and WebLogic) I can't say, why the behave different in this situation.
Best,
Manfred

Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application

Hi Expert,
I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
I would know if the NGINX must be used also for SMP 2.3.
Any suggestion/information is appreciated.
Thanks in advance
g.

Please see Agentry Network Landscapes

Load Balance Plug-in VS Reserve Proxy Plug-in

Hi,
We are trying to setup the connectivity between sun java system web server 7.0 to glass fish 2.1.
Which technology of Load Balance Plug-in VS Reserve Proxy Plug-in is better? What is the advantage one over another? Thanks!

It may be helpful to note the lineage of the SAFs:
The GF LoadBalancer SAF is the eldest
The Web Server Reverse Proxy SAF is the next version and is derived from the GF LoadBalancer
The Reverse Proxy feature of WS7 is the third version and is derived from the Web Server Reverse Proxy SAF
The source for the Reverse Proxy SAF in WS7 is visible in the moribund Open Web Server source drop.

Reverse Proxy using S1AS7 with libpassthrough.so

My second tier is not functionning properly when placed behind a S1AS7 with reverse proxy
Client ====== SunOne web server with Passthrough ====== .NET app server & web services.
The web server configuration (reverse proxy � libpassthrough.so) is configured and is working correctly when it comes to requesting normal pages, however a problem arises when the request is made either by:
1- Invoking a web service on the .Net tier, or
2- The .Net tier performs a server.transfer call within the same .net server (Page transfer)
Keep in mind that the .Net tier works fine when not accessed through the reverse proxy.
We tried to isolate the problem from different angles but came up short, the http server log shows that the request was made
192.168.2.7 - - [14/Jul/2004:14:10:56 +0300] "POST /wavedms2.0/TestWebService/TestService.asmx HTTP/1.1" 100 0
Although response 100 indicates that it is waiting for more, while the web service error shows the following:
The underlying connection was closed: An unexpected error occurred on a receive.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at TestWebService.oWebService.MyWebSvc.HelloWorld()
at TestWebService.Form1.button1_Click(Object sender, EventArgs e)
I appreciate any help you can provide us with a solution on this issue.

Thanks a million, yes it is exactly the same
Do you know if this release is available for download / purchase????

Apache as reverse proxy - 400 Bad request

Hi all,
I'm configured apache as reverse proxy according to this blog:
The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
When I try to navigate http://testcomp/irj I get "400 - Bad request"
See exception;
Message : User Guest, IP address
Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
GET /irj HTTP/1.1
Host: sapportal:50000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
Accept-Language: en,he;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
Max-Forwards: 10
Via: 1.1 localhost
X-Forwarded-For: 10.0.0.4
X-Forwarded-Host: 10.0.0.6
X-Forwarded-Server: localhost
Connection: Keep-Alive
com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
 at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
 at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
 at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
 at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
 at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
 at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
 at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
 at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
 at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Severity : Error
Category :
Location : com.sap.engine.services.httpserver
Application :
Thread : SAPEngine_Application_Thread[impl:3]_32
Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
Source Name : com.sap.engine.services.httpserver
Argument Objs :
Arguments :
Dsr Component :
Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
Dsr User :
Indent : 0
Level : 0
Message Code :
Message Type : 0
Relatives :
Resource Bundlename :
Session : 2
Source : com.sap.engine.services.httpserver
ThreadObject : SAPEngine_Application_Thread[impl:3]_32
Transaction :
User : Guest
The lines I added to http.conf
#Enable reverse-proxying
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://testcomp/logon
I tried with apache version 2.2.3 & 2.0.59 with no success.
My J2EE/Portal version is 6.17.
Since this is a testing environment the two computers are under the same workgroup (no domain).
If I naviagte directly to the portal (without the reverse proxy) everything is working.
How can I solve it?
Regards,
Omri

Hi Jakub,
Thanks for the answer.
It's not working for me...
I'm attaching my httpd.conf file.
Also, what apache version do you use?
Can you send me your post your httpd.conf file?
Thanks,
Omri
httpd.conf
This is the main Apache HTTP server configuration file. It contains the
configuration directives that give the server its instructions.
See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
In particular, see
<URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
for a discussion of each configuration directive.
Do NOT simply read the instructions in here without understanding
what they do. They're here only as hints or reminders. If you are unsure
consult the online docs. You have been warned.
Configuration and logfile names: If the filenames you specify for many
of the server's control files begin with "/" (or "drive:/" for Win32), the
server will use that explicit path. If the filenames do not begin
with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
with ServerRoot set to "c:/apache" will be interpreted by the
server as "c:/apache/logs/foo.log".
NOTE: Where filenames are specified, you must use forward slashes
instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
If a drive letter is omitted, the drive on which Apache.exe is located
will be used by default. It is recommended that you always supply
an explicit drive letter in absolute paths, however, to avoid
confusion.
ThreadsPerChild: constant number of worker threads in the server process
MaxRequestsPerChild: maximum number of requests a server process serves
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot: The top of the directory tree under which the server's
configuration, error, and log files are kept.
Do not add a slash at the end of the directory path. If you point
ServerRoot at a non-local disk, be sure to point the LockFile directive
at a local disk. If you wish to share the same ServerRoot for multiple
httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "c:/apache"
Listen: Allows you to bind Apache to specific IP addresses and/or
ports, instead of the default. See also the <VirtualHost>
directive.
Change this to Listen on specific IP addresses as shown below to
prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#Listen 12.34.56.78:80
Listen 80
Dynamic Shared Object (DSO) Support
To be able to use the functionality of a module which was built as a DSO you
have to place corresponding `LoadModule' lines at this location so the
directives contained in it are actually available before they are used.
Statically compiled modules (those listed by `httpd -l') do not need
to be loaded here.
Example:
LoadModule foo_module modules/mod_foo.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule headers_module modules/mod_headers.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule status_module modules/mod_status.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule ssl_module modules/mod_ssl.so
'Main' server configuration
The directives in this section set up the values used by the 'main'
server, which responds to any requests that aren't handled by a
<VirtualHost> definition. These values also provide defaults for
any <VirtualHost> containers you may define later in the file.
All of these directives may appear inside <VirtualHost> containers,
in which case these default settings will be overridden for the
virtual host being defined.
ServerAdmin: Your address, where problems with the server should be
e-mailed. This address appears on some server-generated pages, such
as error documents. e.g. [email protected]
ServerAdmin @@ServerAdmin@@
ServerName gives the name and port that the server uses to identify itself.
This can often be determined automatically, but we recommend you specify
it explicitly to prevent problems during startup.
If your host doesn't have a registered DNS name, enter its IP address here.
ServerName localhost:80
DocumentRoot: The directory out of which you will serve your
documents. By default, all requests are taken from this directory, but
symbolic links and aliases may be used to point to other locations.
DocumentRoot "c:/apache/htdocs"
Each directory to which Apache has access can be configured with respect
to which services and features are allowed and/or disabled in that
directory (and its subdirectories).
First, we configure the "default" to be a very restrictive set of
features.
<Directory />
 Options FollowSymLinks
 AllowOverride None
 Order deny,allow
 Deny from all
 Satisfy all
</Directory>
Note that from this point forward you must specifically allow
particular features to be enabled - so if something's not working as
you might expect, make sure that you have specifically enabled it
below.
This should be changed to whatever you set DocumentRoot to.
<Directory "c:/apache/htdocs">
Possible values for the Options directive are "None", "All",
or any combination of:
Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Note that "MultiViews" must be named explicitly --- "Options All"
doesn't give it to you.
The Options directive is both complicated and important. Please see
http://httpd.apache.org/docs/2.2/mod/core.html#options
for more information.
 Options Indexes FollowSymLinks
AllowOverride controls what directives may be placed in .htaccess files.
It can be "All", "None", or any combination of the keywords:
Options FileInfo AuthConfig Limit
 AllowOverride None
Controls who can get stuff from this server.
 Order allow,deny
 Allow from all
</Directory>
DirectoryIndex: sets the file that Apache will serve if a directory
is requested.
<IfModule dir_module>
 DirectoryIndex index.html
</IfModule>
The following lines prevent .htaccess and .htpasswd files from being
viewed by Web clients.
<FilesMatch "^\.ht">
 Order allow,deny
 Deny from all
</FilesMatch>
ErrorLog: The location of the error log file.
If you do not specify an ErrorLog directive within a <VirtualHost>
container, error messages relating to that virtual host will be
logged here. If you do define an error logfile for a <VirtualHost>
container, that host's errors will be logged there and not here.
ErrorLog logs/error.log
LogLevel: Control the number of messages logged to the error_log.
Possible values include: debug, info, notice, warn, error, crit,
alert, emerg.
LogLevel warn
<IfModule log_config_module>
The following directives define some format nicknames for use with
a CustomLog directive (see below).
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%You need to enable mod_logio.c to use %I and %Oi\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
 <IfModule logio_module>
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%i\" \"%{User-Agent}i\" %I %O" combinedio
 </IfModule>
The location and format of the access logfile (Common Logfile Format).
If you do not define any access logfiles within a <VirtualHost>
container, they will be logged here. Contrariwise, if you do
define per-<VirtualHost> access logfiles, transactions will be
logged therein and not in this file.
 CustomLog logs/access.log common
If you prefer a logfile with access, agent, and referer information
(Combined Logfile Format) you can use the following directive.
 #CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
Redirect: Allows you to tell clients about documents that used to
exist in your server's namespace, but do not anymore. The client
will make a new request for the document at its new location.
Example:
Redirect permanent /foo http://www.example.com/bar
Alias: Maps web paths into filesystem paths and is used to
access content that does not live under the DocumentRoot.
Example:
Alias /webpath /full/filesystem/path
If you include a trailing / on /webpath then the server will
require it to be present in the URL. You will also likely
need to provide a <Directory> section to allow access to
the filesystem path.
ScriptAlias: This controls which directories contain server scripts.
ScriptAliases are essentially the same as Aliases, except that
documents in the target directory are treated as applications and
run by the server when requested rather than as documents sent to the
client. The same rules about trailing "/" apply to ScriptAlias
directives as to Alias.
 ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
</IfModule>
"c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
CGI directory exists, if you have that configured.
<Directory "c:/apache/cgi-bin">
 AllowOverride None
 Options None
 Order allow,deny
 Allow from all
</Directory>
Apache parses all CGI scripts for the shebang line by default.
This comment line, the first line of the script, consists of the symbols
pound (#) and exclamation followed by the path of the program that
can execute this specific script. For a perl script, with perl.exe in
the C:\Program Files\Perl directory, the shebang line should be:
 #!c:/program files/perl/perl
Note you mustnot_ indent the actual shebang line, and it must be the
first line of the file. Of course, CGI processing must be enabled by
the appropriate ScriptAlias or Options ExecCGI directives for the files
or directory in question.
However, Apache on Windows allows either the Unix behavior above, or can
use the Registry to match files by extention. The command to execute
a file of this type is retrieved from the registry by the same method as
the Windows Explorer would use to handle double-clicking on a file.
These script actions can be configured from the Windows Explorer View menu,
'Folder Options', and reviewing the 'File Types' tab. Clicking the Edit
button allows you to modify the Actions, of which Apache 1.3 attempts to
perform the 'Open' Action, and failing that it will try the shebang line.
This behavior is subject to change in Apache release 2.0.
Each mechanism has it's own specific security weaknesses, from the means
to run a program you didn't intend the website owner to invoke, and the
best method is a matter of great debate.
To enable the this Windows specific behavior (and therefore -disable- the
equivilant Unix behavior), uncomment the following directive:
#ScriptInterpreterSource registry
The directive above can be placed in individual <Directory> blocks or the
.htaccess file, with either the 'registry' (Windows behavior) or 'script'
(Unix behavior) option, and will override this server default option.
DefaultType: the default MIME type the server will use for a document
if it cannot otherwise determine one, such as from filename extensions.
If your server contains mostly text or HTML documents, "text/plain" is
a good value. If most of your content is binary, such as applications
or images, you may want to use "application/octet-stream" instead to
keep browsers from trying to display binary files as though they are
text.
DefaultType text/plain
<IfModule mime_module>
TypesConfig points to the file containing the list of mappings from
filename extension to MIME-type.
 TypesConfig conf/mime.types
AddType allows you to add to or override the MIME configuration
file specified in TypesConfig for specific file types.
 #AddType application/x-gzip .tgz
AddEncoding allows you to have certain browsers uncompress
information on the fly. Note: Not all browsers support this.
 #AddEncoding x-compress .Z
 #AddEncoding x-gzip .gz .tgz
If the AddEncoding directives above are commented-out, then you
probably should define those extensions to indicate media types:
 AddType application/x-compress .Z
 AddType application/x-gzip .gz .tgz
AddHandler allows you to map certain file extensions to "handlers":
actions unrelated to filetype. These can be either built into the server
or added with the Action directive (see below)
To use CGI scripts outside of ScriptAliased directories:
(You will also need to add "ExecCGI" to the "Options" directive.)
 #AddHandler cgi-script .cgi
For type maps (negotiated resources):
 #AddHandler type-map var
Filters allow you to process content before it is sent to the client.
To parse .shtml files for server-side includes (SSI):
(You will also need to add "Includes" to the "Options" directive.)
 #AddType text/html .shtml
 #AddOutputFilter INCLUDES .shtml
</IfModule>
The mod_mime_magic module allows the server to use various hints from the
contents of the file itself to determine its type. The MIMEMagicFile
directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
Customizable error responses come in three flavors:
1) plain text 2) local redirects 3) external redirects
Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
EnableMMAP and EnableSendfile: On systems that support it,
memory-mapping or the sendfile syscall is used to deliver
files. This usually improves server performance, but must
be turned off when serving from networked-mounted
filesystems or if support for these functions is otherwise
broken on your system.
#EnableMMAP off
#EnableSendfile off
Supplemental configuration
The configuration files in the conf/extra/ directory can be
included to add extra features or to modify the default configuration of
the server, or you may simply copy their contents here and change as
necessary.
Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
Language settings
#Include conf/extra/httpd-languages.conf
User home directories
#Include conf/extra/httpd-userdir.conf
Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
Virtual hosts
#Include conf/extra/httpd-vhosts.conf
Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
Various default settings
#Include conf/extra/httpd-default.conf
Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Note: The following must must be present to support
 starting without SSL on platforms with no /dev/random equivalent
 but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
ProxyPreserveHost On
ProxyVia on
ProxyTimeout 600
#disable forward-proxying
ProxyRequests Off
#proxy /irj both ways
ProxyPass /irj http://sapportal:50000/irj
ProxyPassReverse /irj http://sapportal:50000/irj
#ProxyPassReverse /irj http://testcomp/irj
#proxy /logon both ways
ProxyPass /logon http://sapportal:50000/logon
ProxyPassReverse /logon http://sapportal:50000/logon
#ProxyPassReverse /logon http://testcomp/logon

Apache Reverse proxy with SSL

Hi,
I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
What do I need to activate to support the HTTPS requests?
I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
From Where can I get the mod_ssl.so?
I saw that there are 2 projects:
Apache Interface to OpenSSL (mod_ssl)
Apache-SSL
Do I need to use them in case I want to use HTTPs?
Regards,
Yael

Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
mine is as follows:
./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
-so --enable-proxy-http --enable-proxy-connect --enable- headers
then make and make install.
hope it helps.
Jai

Released :: Reverse Proxy Plug-in 1.0.2

Similar Messages

Maybe you are looking for