Retain Orginal URL after Reverse Proxying

Similar Messages

• Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single

  I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?

  First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
  APACHE REVERSE PROXY (Apache 2.2)
  http:/proxy.mycompany.com:80
  ProxyRequests off
  ProxyPassInterpolateEnv On
  ProxyPass / http:/portal.tech.everett.it:7777/
  ProxyPassReverse / http:/portal.tech.everett.it:7777/
  ProxyPreserveHost On
  ORACLE SSO
  http:/portal.mycompany.com:7777
  Here are the steps i already do:
  1- CONFIG OID
  create an ldif file called setdasurl.ldif and insert as follow:
  dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
  changetype: modify
  replace: orcldasurlbase
  orcldasurlbase: http:/proxy.mycompany.com/
  then do ldapmodify as follow:
  ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
  2- CONFIG ORA SSO (as gentjan user)
  export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
  2.1-config Apache config of ORA SSO
  vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
  change from:
  ServerName portal.mycompany.com
  Port 7777
  KeepAlive On
  to:
  ServerName proxy.mycompany.com
  Port 80
  KeepAlive Off
  and add at the end of httpd.conf
  RewriteEngine On
  RewriteOptions inherit
  2.2- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
  *$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
  2.4- Updating the targets.xml File
  Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
  vi $ORACLE_HOME/sysman/emd/targets.xml
  Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
  Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
  Property NAME="HTTPPort" VALUE="80"
  Property NAME="HTTPProtocol" VALUE="http"
  Save and close the file.
  Reload the Application Server Control Console by issuing this command (as gentjan):
  *$ORACLE_HOME/bin/emctl reload*
  2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
  some needed permissions
  chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
  Re-register mod_osso (as gentjan)
  *$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
  2.6- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
  After this modifications my reverse proxy is ok.
  I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
  If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
  The problem that i find is when i click to Login page for Oracle SSO.
  I have the following error:
  Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
  So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
  Gentjan

• How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

  Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
  In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with  Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
  to Public URL = "proxy URL".
  In Host Named Site Collections,  alternate access mappings  are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
  URL is associated.  This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
  point HNSC to respond  to a different URL(proxy URL). Consequently, Share Point URLs are exposed to  external users.
  Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If  hiding the internal Share Point URLS is a requirement,
  it suggests to use a web application instead of host named site collections.
  Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
  http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
  Excerpt from above article-
  "Host Named Site Collections Only Use One Host Name
  Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
  are always considered to be in the Default zone.  This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
  as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
  calls to the same URL.  If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

  Hi Satish,
  You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
  It is by design that each host-name site collection only support one URL for each zone.
  The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
  https://support.microsoft.com/en-us/kb/2826457
  So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
  Best regards.
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Uwc behind a reverse proxy asks for internal urls

  Hi,
  I have an uwc on the msg store. I try to access it through a web reverse proxy, but after the login page which appeared allright, the url is transformed to a internal url which is invalid from the normal outside scope.
  Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
  Thanks
  Fran�ois

  Dear Expert,
  Can i know how do you config the reserve proxy to work with the uwc?
  my network topology is:
  machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
  machine B: Messaging Server (MTA and store)
  machine C: ldap and Identity server
  the login page is https://commexp/uwc , after login, it divide to two main session.
  Mail tab - https://commexp:80
  Other tab - https://commexp/uwc
  How can i set the reverse proxy for this configuration?
  And which proxy are you using?
  Thanks a lot!
  Regards,
  Angus
  had the same problem, fix was -
  >
  >
  in Uwcauth.properties changes
  uwcauth.identity.login.url=http://bason.blah.com:81/am
  server/UI/Login
  AMconfig.properties changes
  com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
  blah.com
  with the hostname (bason.blah.com) being the *uwc
  server* with reverse proxy on it
  for some fun have a look at the url you are directed
  too - in particular the parameters on the url...
  can anyone say "SECURITY HOLE"?

• How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)
  for hosting some of the public resource and reverse-proxying other parts
  of the URI namespace from other backend servers (content, application
  and other types of servers).
  So far every type of backend server served a unique part of the namespace
  and there was no collision of names, and the backend resources were
  published in a one-to-one manner. That is, a backend resource like, say,
  http://appserver:8080/content/page.html would be published in the internet
  as http://www.publicsite.com/content/page.html
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.
  Another quest, possibly related in solution, was to make a tidy url for the
  first page the user opens of the site. That is, in the current solution when
  a visitor types the url "www.publicsite.com" in his or her browser, our web
  server returns an HTTP-302 redirect to the actual first page URL, so the
  browser sends a second request (and changes the URL in its location bar).
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  So far I found that I can't solve these problems. I believe these problems
  share a solution because it relies on ability to control the actual URI strings
  requested by Sun Web Server from backend servers.
  Some details follow, now:
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
  trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
  fn="service-passthrough" rewrite-host="true" rewrite-location="true"
  servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
  returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
  # this causes /content/* to be taken from another (backend) server
  NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
  # this causes requests to site root to be HTTP-redirected to a certain page URI
  <If $uri =~ '^/$'>
      NameTrans fn="redirect"
          url="http://www.publicsite.com/content/MainPage.html"
  </If>
  <Object name="content-test">
  ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
  ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
      Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
      Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
  </Object>
  I have also tried "restart"ing the request like this:
      NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
      Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
  in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
  //Jim

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
  yes, you could do something like
  - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
  <Object name=¨default¨>
  <If $uri = ¨/page/¨>
  #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
  NameTrans.. fn=map
  </If
  </Object>
  and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
  finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
  <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
  http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
  >
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  please check out the rewrite / restart SAF. this should help you.
  http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
  pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  feel free to post to us if you need any futher help
  you are probably better off - starting fresh
  - install ws7u4
  - use gui or CLI to create a reverse proxy and map one on one - say content
  http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
  if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
  <install-root>/bin/wadm disable-java user=admin config=<hostname>
  <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
  >
  I have also tried "restart"ing the request like this:
  NameTrans fn="restart" uri="/data"
  ordering is very important here... you need to do this some thing like
  <Object name=default>
  <If not $restarted>
  NameTrans fn=restart uri from=/¨ uri=/foo.
  </If>

• IIS Reverse Proxy with URL rewrite.

  Hi all, hoping to leverage the wealth of knowledge contained here.
  Any assistance would be very welcome.
  I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
  I need to redirect all requests with a specific virtual directory suffix only.
  ie; https://domain.test.com/outbound/Content/query_etc
  With /Outbound/ being the trigger.
  This should be redirected to http://10.10.10.10/inbound/Content/query_etc
  While at the same time, requests without the /outbound/ suffix should be handled locally.
  I have configured the reverse proxy as described in a few articles, and have had no luck.
  Here's a snippet from my (sanitized) web.config at the site level.
  <rewrite>
  <outboundRules>
  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
  <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
  <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
  </rule>
  <preConditions>
  <preCondition name="ResponseIsHtml1">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
  </preCondition>
  </preConditions>
  </outboundRules>
  <rules>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="^outbound/(.*)" />
  <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
  </rule>
  </rules>
  </rewrite>
  To me, this looks correct, yet it doesn't work.
  With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

  Hi Andrew,
  Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
  By using URL Rewrite Module together with
  Application Request Routing module you can have IIS 7 act as a
  reverse proxy.
  It seems like URL Rewrite can't re-route the request somewhere else out of the server.
  Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
  Hosting multiple domain names under a single account using URL Rewrite.
  It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
  References:
  How to create a url alias using IIS URL Rewrite:
  http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
  Reverse Proxy with URL Rewrite v2 and Application Request Routing:
  http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Problem with Apache reverse proxy after applying SP13 NW

  Hello,
  we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request GET /irj/.
  Reason: Error reading from remote server
  Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
  Is is it possible, that there is a problem with sp13?
  Best regards
  Daniel Holstein

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• After setting the reverse proxy, SSO doesn't work

  Hi,
  We are facing a problem after setting a reverse proxy. ITS&SSO is working fine for internal users but the problem is with the external users;ITS is working fine for external users but SSO is not working. Does anyone can help us out with this problem ? It is kind of urgent.
  Thanks
  Serkan

  Eric,
  Sorry for misunderstanding,
  The domain for internal/external users are the same https://external.global.rexam.<b>net</b>/irj/portal
          internal.global.rexam.net/irj/portal
  But the ITS goes through:
  bca.rexam.<b>com</b>

• Images,css not appearing properly after accessing the reverse proxy page.

  Usecase :
  1) OHS1 with mod_osso agent deployed.
  2) OHS1 configured as reverse proxy.It points to the webserver(OHS2) of the app1.
  OHS1(mod_osso agent installed)-->OHS2(app1 webserver)
  3) httpd.conf entry in OHS1:
  ProxyRequests Off
  <Proxy *>
  Order deny,allow
  Allow from all
  </Proxy>
  ProxyPass /test/ http://tkcltkcl.padma.xxx.com:8088/test/
  ProxyPassReverse /test/ http://tkcltkcl.padma.xxx.com:8088/test/
  4) The direct url for appl1 works as per expectation. The reverse proxy redirects from the OHS1 correctly to the app1 OHS webserver accessing the app1 url.But the contents in the redirected app1 url are not aligned properly.Images,css,placement of html links are not appearing properly on the page.
  Do we need to do any other configuration in the revere proxy setup so as to avoid the misalignment on the redirected page?
  Thanks.

  Hi:
  Thanks for the reply! I have been UTTERLY scrupulous about
  keeping precisely time-matched and points-in-my-process-matched
  copies of the project folder for logical, "scientific" testing in
  RH5 and RH7, on precisely matched content.
  I have never even tried to open an RH7-processed copy of the
  project in RH5 because I was warned strongly against this action.
  It boils down to this; I cleaned up, FANATICALLY, all those
  illegitmate filenames, ran the project again in 5, still got
  impermissible missing images (and I mean MORALLY impermissible,
  because I'm doing the right thing!)
  Then, I took that project folder, copied it, and opened the
  exact same ingredients, via the .xpj file, in RH7. Same missing
  images.
  WAIT! Left out something important in first post! Dang; this
  was important! I've fixed missing images, had them appear properly
  upon compilation, then had others that HAD been right, come out
  missing. Have also had reimported, re-placed images come out upon
  compilation following repair, and then go missing again on third or
  later, subsequent compilations. Maddening.
  Am EXTREMELY reluctant to delete CPD file, because the last
  time I did that, I lost EXTENSIVE work I'd done on TOC and Index.
  Not cool at all.
  Hope this wasn't too cranky; truly grateful for help. Just
  very frustrated.
  Thanks!

• Apache reverse proxy and URL Iview

  Hi everybody,
  I'm trying to configure apache as reverse proxy to access my portal from extranet.
  The first problem I have is that I have to access a URL Iview that connect another internal application.
  ProxyPass /irj http://internaPortall/irj
  ProxyPassReverse /irj https://externalPortal/irj
  ProxyPass /irj http://internalApp/myApp
  ProxyPassReverse /irj https://externalApp/myApp
  In my portal the urlIview maps externalApp/myApp
  No problem to access my portal from extranet but I cannot get myApp.....
  Another point:
  I have configured SSL but if I try to connect
  https://externalPortal:8443/irj/
  apache redirects me to
  http://externalPortal/irj/
  Thanks a lot
  Massimiliano

  Hi,
  We are in a similiar situation. Can you please share the solution.
  Thanks...
  Vinay

• O-Portal behind reverse proxy, aliasing of o-portal url to generic url.

  I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
  How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
  I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
  Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
  Thanks,
  Rainer

  I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
  Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
  John Z
  Butler Mfg. Co.
  [email protected]

• ACE SSL Reverse Proxy for multible URLs

  Hi,
  I am trying to setup an ACE as a reverse proxy (one-arm mode) for HTTPS connections for multiple URLs to multiple serverfarms. From what i know i have two options:
  1. Use different VIP for each URL and do
  L4 loadbalancing or use a
  combination of IP address and port.
  2. Use different VIP for each URL, do
  SSL offloading and do L7 URL based
  loadbalancing.
  So with these options i am bind to use different IPs for each site. Is there a way i can use one VIP and then offload SSL and do URL based loadbalancing? From my knowledge we are restricted by the nature of the SSL. The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts so there is no visibility of the HTTP header.
  Any comments appreciated
  George Georgiou

  Geroge,
  your understanding is absolutely correct.
  We need to know the site in order to decrypt te traffic because the certificate is associated to a domain name.
  But without decrypting, we can't see the domain name.
  So, the only way to know the domain without decrypting is to allocate a single ip to each domain.
  There is no other solution.
  Gilles.

• Changing URL path or prefix for Java Systems for Reverse Proxying

  I am running an Apache Reverse Proxy for multiple systems including Enterprise Portal and GRC.  Unfortunately, the two systems share the same directory structure (e.g. /webdynpro, /images, /logon, /useradmin, /VC).  The reverse proxy won't be able to differentiate URLs for the two systems.
  I want to add a prefix (e.g. /grc/webdynpro) or change the URL directories (e.g. /grcwebdynpro) for Portal or GRC.  How can I do this?

  Thank you for the reply, but could you explain?  It seems like this wiki is suggesting how to change the default port and start URL and how to configure reverse proxies in general.  It doesn't seem to answer the specific question that I have.
  I need to add or modify the URL so that it is unique to the reverse proxy.  For example, EP and GRC both use /webdynpro.  I would like one of them to use a completely different structure (e.g. /grc/webdynpro) so that the reverse proxy can differentiate requests to different hosts.
  The reason why changing the Start URL doesn't seem like the answer is because the fundamental directory structure is still the same.  The reverse proxy won't be able to differentiate the different requests because of this.
  I am looking for some kind of configuration that lets me add a prefix to the entire web application server.  Is anyone aware of this configuration or know of an alternative solution?

• Change the redirect URL sent to reverse proxy

  Hi all,
  My system is composed of a reverse proxy(Apache 2.046) and a backend webserver (Oracle HTTP Server).
  To connect to a web application on the back end web server, the Internet user connect to reverse proxy via HTTPS and the reverse proxy forward the request to backend webserver via HTTP.
  Example :
  Internet user type :
  https://myreverseproxy/myWebApp
  The reverse proxy translate this to :
  http://mybackendserver/myWebApp
  The problem is myWebApp do a redirect like this:
  http://myreverseproxy/myWebApp/login.jsp
  How can I config the reverse proxy to change the redirect URL to :
  https://myreverseproxy/myWebApp/login.jsp
  Thank you in advance

  Hi Ove
      That is working fine.. Only thing i did is mapping node to /author . But is it possible to hit the author instance only wen i type http://localhost:4502/author . Ie: if I type http://localhost:4502 it should not resolve to my login page
  Thanks
  veena

• Performing reverse proxy re-directs and re-writes depending on case of url

  Hi,
  I have a front-end v6.1 SP6 web server running on Windows that hosts a public facing web site as well as re-directs specific folder urls to back-end applications hosted on Linux based application servers.
  I need to perform proxy re-directs and / or url re-writes depending on the case-sensitivity of the url requested from the Windows hosted web server.
  i.e. There is a back-end application with the internal url http://abc.internal.com/ABC, which importantly will not serve pages from http://abc.internal.com/abc
  So what I need is:
  www.external.com/ABC  -- proxy redirect -->  abc.internal.com/ABCwhereas
  www.exernal.com/abc  -- rewrite -->  www.external.com/ABC  -- proxy redirect -->  abc.internal.com/ABCWhat I have so far will provide the reverse proxy re-write for /ABC:
  <Object name="default">
  NameTrans fn="assign-name" from="/ABC(|/*)" name="abc.internal.com"
  </Object>
  <Object name="abc.internal.com" 2=">">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service fn="service-passthrough" servers="http://191.168.1.10:80"
  </Object>However, this will also reverse proxy requests for /abc which will return an error from the internal app server. So, is it possible to perform a case-sensitive dependent re-write / redirection on v6.1 on Windows?
  N.b. I realise that the back-end application could be modified to handle both upper and lower case requests but that is not an option here.
  Thanks for your help.

  I can't think of an easy way to do what you want. On Windows, Web Server treats URIs and paths as case insensitive, so there's no obvious way to treat /ABC differently than /abc.
  I do see a few options. Unfortunately, they're all relatively complicated:
  a) Write an NSAPI plugin
  b) Write a Servlet filter
  c) Use Sun Java System Web Server 7.0
  If you switch to 7.0, you can use case-sensitive regular expressions:<If $uri =~ '^/ABC/?'>
  NameTrans fn="assign-name" name="abc.internal.com"
  </If>