Retain Orginal URL after Reverse Proxying
I am trying to do a reverse proxy using Apache config file (Apache 2.2)
I am able to successfully reverse proxy a user from https://www4.dev.sonet.se/chatview/ to http://pkma-usis.kaddi.sonet.fe/chatview
But when i try to retain the host domain name after reverse proxy using "Header edit Location" directive, it fails.
i.e, After redirection to http://pkma-usis.kaddi.sonet.fe:80/chatview the user must see the URL as https://www4.dev.sonet.se/chatview.
I wanted to know if what I am trying to do is feasible in the first place and if this is a good practice. Following is my config file.
Can anyone please help me in this? - if I am using a correct approach? any alternate options available? debugging options to find out where my config goes wrong ?
<Macro SingleNode %h1 %lp %rp>
<Location /%lp/>
Header add Set-Cookie "%Chat_SID=h.%{BALANCER_WORKER_ROUTE}e;\
path=/%lp/;" env=BALANCER_ROUTE_CHANGED
Header edit Location "^(.*pkma-usis.kaddi.sonet.fe.*/%lp/)(.*)$" "/%lp/$2"
</Location>
<Proxy balancer://%lpCluster>
BalancerMember http://%h1 min=1 smax=3 max=10 ttl=10 route=%h1
</Proxy>
ProxyPassReverse /%lp/ http://%h1/%rp/
RewriteRule ^/%lp/(.*) balancer://%lpCluster/%rp/$1 [proxy]
ProxySet balancer://%lpCluster stickysession=%Chat_SID
</Macro>
<IfDefine DEV>
Use SingleNode jemma-uusi.stadi.sonera.fi:80 chatview chatview
</IfDefine>
<LocationMatch "/chatview/">
AuthType Basic
Require valid-user
AuthName CT
</LocationMatch>
###################################
Hi,
I am not sure I 100% understand you setup but it is possible to retain the URL after a proxy :-)
Here is a edited example from one of our customers:
1. httpd.conf
<VirtualHost 172.30.123.10:80>
ServerName theheat.dk
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://theheat.dk$1
</VirtualHost>2. ssl.conf
<VirtualHost 172.30.123.10:443>
ServerName theheat.dk
RewriteEngine On
RewriteRule ^/$ /example/faces/Home [R=301]
RequestHeader set WL-Proxy-SSL true
ProxyPass /example/ http://wintermute:8001/example/
ProxyPassReverse /example/ http://wintermute:8001/example/3. Admin Console
In the Admin Console navigate to the Managed Server running on port 8001 and find Configuration => General => Advanced.
Put a check mark in "WebLogic Plug-In Enabled" even though your are not using the mod_wl plug-in.
Now select the Protocols tab and then HTTP. Set "Frontend Host" to theheat.dk and for "Frontend HTTPS Port" input 443.
Hope it helps.
Regards Peter
Similar Messages
-
Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single
I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?
First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
APACHE REVERSE PROXY (Apache 2.2)
http:/proxy.mycompany.com:80
ProxyRequests off
ProxyPassInterpolateEnv On
ProxyPass / http:/portal.tech.everett.it:7777/
ProxyPassReverse / http:/portal.tech.everett.it:7777/
ProxyPreserveHost On
ORACLE SSO
http:/portal.mycompany.com:7777
Here are the steps i already do:
1- CONFIG OID
create an ldif file called setdasurl.ldif and insert as follow:
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
changetype: modify
replace: orcldasurlbase
orcldasurlbase: http:/proxy.mycompany.com/
then do ldapmodify as follow:
ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
2- CONFIG ORA SSO (as gentjan user)
export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
2.1-config Apache config of ORA SSO
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
change from:
ServerName portal.mycompany.com
Port 7777
KeepAlive On
to:
ServerName proxy.mycompany.com
Port 80
KeepAlive Off
and add at the end of httpd.conf
RewriteEngine On
RewriteOptions inherit
2.2- update DCM Repository (as root)
*$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
*$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
2.4- Updating the targets.xml File
Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
vi $ORACLE_HOME/sysman/emd/targets.xml
Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
Property NAME="HTTPPort" VALUE="80"
Property NAME="HTTPProtocol" VALUE="http"
Save and close the file.
Reload the Application Server Control Console by issuing this command (as gentjan):
*$ORACLE_HOME/bin/emctl reload*
2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
some needed permissions
chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
Re-register mod_osso (as gentjan)
*$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
2.6- update DCM Repository (as root)
*$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
*$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
*$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
After this modifications my reverse proxy is ok.
I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
The problem that i find is when i click to Login page for Oracle SSO.
I have the following error:
Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
Gentjan -
Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
to Public URL = "proxy URL".
In Host Named Site Collections, alternate access mappings are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
URL is associated. This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
point HNSC to respond to a different URL(proxy URL). Consequently, Share Point URLs are exposed to external users.
Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If hiding the internal Share Point URLS is a requirement,
it suggests to use a web application instead of host named site collections.
Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
Excerpt from above article-
"Host Named Site Collections Only Use One Host Name
Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
are always considered to be in the Default zone. This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
calls to the same URL. If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>Hi Satish,
You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
It is by design that each host-name site collection only support one URL for each zone.
The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
https://support.microsoft.com/en-us/kb/2826457
So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
Best regards.
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Uwc behind a reverse proxy asks for internal urls
Hi,
I have an uwc on the msg store. I try to access it through a web reverse proxy, but after the login page which appeared allright, the url is transformed to a internal url which is invalid from the normal outside scope.
Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
Thanks
Fran�oisDear Expert,
Can i know how do you config the reserve proxy to work with the uwc?
my network topology is:
machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
machine B: Messaging Server (MTA and store)
machine C: ldap and Identity server
the login page is https://commexp/uwc , after login, it divide to two main session.
Mail tab - https://commexp:80
Other tab - https://commexp/uwc
How can i set the reverse proxy for this configuration?
And which proxy are you using?
Thanks a lot!
Regards,
Angus
had the same problem, fix was -
>
>
in Uwcauth.properties changes
uwcauth.identity.login.url=http://bason.blah.com:81/am
server/UI/Login
AMconfig.properties changes
com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
blah.com
with the hostname (bason.blah.com) being the *uwc
server* with reverse proxy on it
for some fun have a look at the url you are directed
too - in particular the parameters on the url...
can anyone say "SECURITY HOLE"? -
How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?
Some of our installations use the Sun Web Server 7.0 (update 1, usually)
for hosting some of the public resource and reverse-proxying other parts
of the URI namespace from other backend servers (content, application
and other types of servers).
So far every type of backend server served a unique part of the namespace
and there was no collision of names, and the backend resources were
published in a one-to-one manner. That is, a backend resource like, say,
http://appserver:8080/content/page.html would be published in the internet
as http://www.publicsite.com/content/page.html
I was recently asked to research whether we can rename some parts of
the public URI namespace, to publish some or all resources as, say,
http://www.publicsite.com/data/page.html while using the same backend
resources.
Another quest, possibly related in solution, was to make a tidy url for the
first page the user opens of the site. That is, in the current solution when
a visitor types the url "www.publicsite.com" in his or her browser, our web
server returns an HTTP-302 redirect to the actual first page URL, so the
browser sends a second request (and changes the URL in its location bar).
One customer said that it is not "tidy". They don't want the URL to change
right upon first rendering the page. They want the root page to be rendered
instantly i the first HTTP request.
So far I found that I can't solve these problems. I believe these problems
share a solution because it relies on ability to control the actual URI strings
requested by Sun Web Server from backend servers.
Some details follow, now:
It seems that the reverse proxy (Service fn="service-passthrough") takes
only the $uri value which was originally requested by the browser. I didn't
yet manage to override this value while processing a request, not even if
I "restart" a request. Turning the error log up to "finest" I see that even
when making the "service-passthrough" operation, the Sun Web Server
still remembers that the request was for "/test" (in my test case below);
it does indeed ask the backend server for an URI "/test" and that fails.
[04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
fn="service-passthrough" rewrite-host="true" rewrite-location="true"
servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
# this causes /content/* to be taken from another (backend) server
NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
# this causes requests to site root to be HTTP-redirected to a certain page URI
<If $uri =~ '^/$'>
NameTrans fn="redirect"
url="http://www.publicsite.com/content/MainPage.html"
</If>
<Object name="content-test">
### This maps http://public/content/* to http://10.16.2.127:8080/content/*
### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
</Object>
I have also tried "restart"ing the request like this:
NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
Service fn="set-variable" uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
//JimSome of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
I was recently asked to research whether we can rename some parts of
the public URI namespace, to publish some or all resources as, say,
http://www.publicsite.com/data/page.html while using the same backend
resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
yes, you could do something like
- edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
<Object name=¨default¨>
<If $uri = ¨/page/¨>
#move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
NameTrans.. fn=map
</If
</Object>
and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
<install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
<install-root>/bin/wadm deploy-config --user=admin <hostname>
you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
>
One customer said that it is not "tidy". They don't want the URL to change
right upon first rendering the page. They want the root page to be rendered
instantly i the first HTTP request.
please check out the rewrite / restart SAF. this should help you.
http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
It seems that the reverse proxy (Service fn="service-passthrough") takes
only the $uri value which was originally requested by the browser. I didn't
yet manage to override this value while processing a request, not even if
I "restart" a request. Turning the error log up to "finest" I see that even
when making the "service-passthrough" operation, the Sun Web Server
still remembers that the request was for "/test" (in my test case below);
it does indeed ask the backend server for an URI "/test" and that fails.
now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
feel free to post to us if you need any futher help
you are probably better off - starting fresh
- install ws7u4
- use gui or CLI to create a reverse proxy and map one on one - say content
http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
<install-root>/bin/wadm disable-java user=admin config=<hostname>
<install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
<install-root>/bin/wadm deploy-config --user=admin <hostname>
now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
>
I have also tried "restart"ing the request like this:
NameTrans fn="restart" uri="/data"
ordering is very important here... you need to do this some thing like
<Object name=default>
<If not $restarted>
NameTrans fn=restart uri from=/¨ uri=/foo.
</If> -
IIS Reverse Proxy with URL rewrite.
Hi all, hoping to leverage the wealth of knowledge contained here.
Any assistance would be very welcome.
I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
I need to redirect all requests with a specific virtual directory suffix only.
ie; https://domain.test.com/outbound/Content/query_etc
With /Outbound/ being the trigger.
This should be redirected to http://10.10.10.10/inbound/Content/query_etc
While at the same time, requests without the /outbound/ suffix should be handled locally.
I have configured the reverse proxy as described in a few articles, and have had no luck.
Here's a snippet from my (sanitized) web.config at the site level.
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
<action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="^outbound/(.*)" />
<action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
</rules>
</rewrite>
To me, this looks correct, yet it doesn't work.
With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.Hi Andrew,
Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
By using URL Rewrite Module together with
Application Request Routing module you can have IIS 7 act as a
reverse proxy.
It seems like URL Rewrite can't re-route the request somewhere else out of the server.
Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc it will fail with 404.
Hosting multiple domain names under a single account using URL Rewrite.
It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
References:
How to create a url alias using IIS URL Rewrite:
http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
Reverse Proxy with URL Rewrite v2 and Application Request Routing:
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you. -
Problem with Apache reverse proxy after applying SP13 NW
Hello,
we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /irj/.
Reason: Error reading from remote server
Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
Is is it possible, that there is a problem with sp13?
Best regards
Daniel HolsteinHi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens -
After setting the reverse proxy, SSO doesn't work
Hi,
We are facing a problem after setting a reverse proxy. ITS&SSO is working fine for internal users but the problem is with the external users;ITS is working fine for external users but SSO is not working. Does anyone can help us out with this problem ? It is kind of urgent.
Thanks
SerkanEric,
Sorry for misunderstanding,
The domain for internal/external users are the same https://external.global.rexam.<b>net</b>/irj/portal
internal.global.rexam.net/irj/portal
But the ITS goes through:
bca.rexam.<b>com</b> -
Images,css not appearing properly after accessing the reverse proxy page.
Usecase :
1) OHS1 with mod_osso agent deployed.
2) OHS1 configured as reverse proxy.It points to the webserver(OHS2) of the app1.
OHS1(mod_osso agent installed)-->OHS2(app1 webserver)
3) httpd.conf entry in OHS1:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /test/ http://tkcltkcl.padma.xxx.com:8088/test/
ProxyPassReverse /test/ http://tkcltkcl.padma.xxx.com:8088/test/
4) The direct url for appl1 works as per expectation. The reverse proxy redirects from the OHS1 correctly to the app1 OHS webserver accessing the app1 url.But the contents in the redirected app1 url are not aligned properly.Images,css,placement of html links are not appearing properly on the page.
Do we need to do any other configuration in the revere proxy setup so as to avoid the misalignment on the redirected page?
Thanks.Hi:
Thanks for the reply! I have been UTTERLY scrupulous about
keeping precisely time-matched and points-in-my-process-matched
copies of the project folder for logical, "scientific" testing in
RH5 and RH7, on precisely matched content.
I have never even tried to open an RH7-processed copy of the
project in RH5 because I was warned strongly against this action.
It boils down to this; I cleaned up, FANATICALLY, all those
illegitmate filenames, ran the project again in 5, still got
impermissible missing images (and I mean MORALLY impermissible,
because I'm doing the right thing!)
Then, I took that project folder, copied it, and opened the
exact same ingredients, via the .xpj file, in RH7. Same missing
images.
WAIT! Left out something important in first post! Dang; this
was important! I've fixed missing images, had them appear properly
upon compilation, then had others that HAD been right, come out
missing. Have also had reimported, re-placed images come out upon
compilation following repair, and then go missing again on third or
later, subsequent compilations. Maddening.
Am EXTREMELY reluctant to delete CPD file, because the last
time I did that, I lost EXTENSIVE work I'd done on TOC and Index.
Not cool at all.
Hope this wasn't too cranky; truly grateful for help. Just
very frustrated.
Thanks! -
Apache reverse proxy and URL Iview
Hi everybody,
I'm trying to configure apache as reverse proxy to access my portal from extranet.
The first problem I have is that I have to access a URL Iview that connect another internal application.
ProxyPass /irj http://internaPortall/irj
ProxyPassReverse /irj https://externalPortal/irj
ProxyPass /irj http://internalApp/myApp
ProxyPassReverse /irj https://externalApp/myApp
In my portal the urlIview maps externalApp/myApp
No problem to access my portal from extranet but I cannot get myApp.....
Another point:
I have configured SSL but if I try to connect
https://externalPortal:8443/irj/
apache redirects me to
http://externalPortal/irj/
Thanks a lot
MassimilianoHi,
We are in a similiar situation. Can you please share the solution.
Thanks...
Vinay -
O-Portal behind reverse proxy, aliasing of o-portal url to generic url.
I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
Thanks,
RainerI also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
John Z
Butler Mfg. Co.
[email protected] -
ACE SSL Reverse Proxy for multible URLs
Hi,
I am trying to setup an ACE as a reverse proxy (one-arm mode) for HTTPS connections for multiple URLs to multiple serverfarms. From what i know i have two options:
1. Use different VIP for each URL and do
L4 loadbalancing or use a
combination of IP address and port.
2. Use different VIP for each URL, do
SSL offloading and do L7 URL based
loadbalancing.
So with these options i am bind to use different IPs for each site. Is there a way i can use one VIP and then offload SSL and do URL based loadbalancing? From my knowledge we are restricted by the nature of the SSL. The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts so there is no visibility of the HTTP header.
Any comments appreciated
George GeorgiouGeroge,
your understanding is absolutely correct.
We need to know the site in order to decrypt te traffic because the certificate is associated to a domain name.
But without decrypting, we can't see the domain name.
So, the only way to know the domain without decrypting is to allocate a single ip to each domain.
There is no other solution.
Gilles. -
Changing URL path or prefix for Java Systems for Reverse Proxying
I am running an Apache Reverse Proxy for multiple systems including Enterprise Portal and GRC. Unfortunately, the two systems share the same directory structure (e.g. /webdynpro, /images, /logon, /useradmin, /VC). The reverse proxy won't be able to differentiate URLs for the two systems.
I want to add a prefix (e.g. /grc/webdynpro) or change the URL directories (e.g. /grcwebdynpro) for Portal or GRC. How can I do this?Thank you for the reply, but could you explain? It seems like this wiki is suggesting how to change the default port and start URL and how to configure reverse proxies in general. It doesn't seem to answer the specific question that I have.
I need to add or modify the URL so that it is unique to the reverse proxy. For example, EP and GRC both use /webdynpro. I would like one of them to use a completely different structure (e.g. /grc/webdynpro) so that the reverse proxy can differentiate requests to different hosts.
The reason why changing the Start URL doesn't seem like the answer is because the fundamental directory structure is still the same. The reverse proxy won't be able to differentiate the different requests because of this.
I am looking for some kind of configuration that lets me add a prefix to the entire web application server. Is anyone aware of this configuration or know of an alternative solution? -
Change the redirect URL sent to reverse proxy
Hi all,
My system is composed of a reverse proxy(Apache 2.046) and a backend webserver (Oracle HTTP Server).
To connect to a web application on the back end web server, the Internet user connect to reverse proxy via HTTPS and the reverse proxy forward the request to backend webserver via HTTP.
Example :
Internet user type :
https://myreverseproxy/myWebApp
The reverse proxy translate this to :
http://mybackendserver/myWebApp
The problem is myWebApp do a redirect like this:
http://myreverseproxy/myWebApp/login.jsp
How can I config the reverse proxy to change the redirect URL to :
https://myreverseproxy/myWebApp/login.jsp
Thank you in advanceHi Ove
That is working fine.. Only thing i did is mapping node to /author . But is it possible to hit the author instance only wen i type http://localhost:4502/author . Ie: if I type http://localhost:4502 it should not resolve to my login page
Thanks
veena -
Performing reverse proxy re-directs and re-writes depending on case of url
Hi,
I have a front-end v6.1 SP6 web server running on Windows that hosts a public facing web site as well as re-directs specific folder urls to back-end applications hosted on Linux based application servers.
I need to perform proxy re-directs and / or url re-writes depending on the case-sensitivity of the url requested from the Windows hosted web server.
i.e. There is a back-end application with the internal url http://abc.internal.com/ABC, which importantly will not serve pages from http://abc.internal.com/abc
So what I need is:
www.external.com/ABC -- proxy redirect --> abc.internal.com/ABCwhereas
www.exernal.com/abc -- rewrite --> www.external.com/ABC -- proxy redirect --> abc.internal.com/ABCWhat I have so far will provide the reverse proxy re-write for /ABC:
<Object name="default">
NameTrans fn="assign-name" from="/ABC(|/*)" name="abc.internal.com"
</Object>
<Object name="abc.internal.com" 2=">">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service fn="service-passthrough" servers="http://191.168.1.10:80"
</Object>However, this will also reverse proxy requests for /abc which will return an error from the internal app server. So, is it possible to perform a case-sensitive dependent re-write / redirection on v6.1 on Windows?
N.b. I realise that the back-end application could be modified to handle both upper and lower case requests but that is not an option here.
Thanks for your help.I can't think of an easy way to do what you want. On Windows, Web Server treats URIs and paths as case insensitive, so there's no obvious way to treat /ABC differently than /abc.
I do see a few options. Unfortunately, they're all relatively complicated:
a) Write an NSAPI plugin
b) Write a Servlet filter
c) Use Sun Java System Web Server 7.0
If you switch to 7.0, you can use case-sensitive regular expressions:<If $uri =~ '^/ABC/?'>
NameTrans fn="assign-name" name="abc.internal.com"
</If>
Maybe you are looking for
-
Some Get Info File Data Not Showing Up On Ext Hard Drives
I've stored all my videos on my external firewire harddrives. I notice some of the file information in the Get Info window on these videos is missing after they are transferred to the external harddrive. Last Opened, Dimensions and Duration are blank
-
I have a power mac g4 with mac os 10.4. 11 , I want to change the hard-drive ,what program can I used to transfer one hard-drive data to another hard- drive on this mac pc.
-
Flat file: loading Master data questions
Hi Experts, 1 If I have a flat file with columns, Columns1, Columns2, Columns3, and we load this manually to an ODS monthly. a. Where in BW can I see the exact match to the columns, Columns1, Columns2, Columns3? b. What will be the effect of receivin
-
Hi can any one please help me.... I cant do my face book or watch some movies. My ipad2 needs adobe flash player and it wont allow that application to be downloaded has any one got any suggestions please. Please help me as im a newbie at this thanks.
-
Upgrade from CS5 Web Premium to eLearning Suite 2
Currently, i'm using CS5 Web Premium but plan to upgade to eLearning Suite 2. As far as i concern, there are 2 software in CS5 web premium not available in eLearning Suite 2 (Fireworks CS5 and Illustrator CS5). My question is will these 2 software (F