Reverse proxy and logs in Proxy Server 3.6SP2

Similar Messages

• Unable to uninstall or remove ADFS Service Proxy and Web Agents from Server 2012

  I have a Server 2012 machine that's a primary host for company websites. An inexperienced developer (with FAR more access than he should've had; yes, epic fail) was able to install ADFS Service Proxy and ADFS 1.1 Web Agents (for SAML) on the server. He didn't
  complete the configuration, realizing he'd over stepped his boundaries. He did install the rollup update 3 to ADFS though. However, now I'm unable to uninstall the components. It's not listed in the updates and the option to remove from Roles/Features is grayed
  out.
  Any help would be awesome!

  Hi,
  Thank you for your sharing!
  Your post is very beneficial to other people who have similar issues.
  Please feel free to let us know if you encounter any issues in the future.
  In addition, here is a dedicated ADFS forum below:
  Claims based access platform (CBA), code-named Geneva Forum
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  Best Regards,
  Amy

• A proxy and in that proxy we will call the BAPI for creating Purchase Requi

  HI all,
  I am explaining a situation please resolve if possible.
  I got source data to create purchase requisition .  the source data was not cleaned and requires lot of validations and crossmapping with actual sap tables . I did it for testing and used bapi ( bapi_requsition_create) and was able to test the data to create a pr in sap. but now as per the instructions from my onsite co-ordinator , they told thy will use  a proxy( in place of idoc) and in that we will call bapi to create purchase requisition in sap. please explain about what kind of proxy it may be and how we call bapi in it . thanx in adv..

  HI all,
  I am explaining a situation please resolve if possible.
  I got source data to create purchase requisition .  the source data was not cleaned and requires lot of validations and crossmapping with actual sap tables . I did it for testing and used bapi ( bapi_requsition_create) and was able to test the data to create a pr in sap. but now as per the instructions from my onsite co-ordinator , they told thy will use  a proxy( in place of idoc) and in that we will call bapi to create purchase requisition in sap. please explain about what kind of proxy it may be and how we call bapi in it . thanx in adv..

• Copying database objects and data from one server database to another server database in AG group

  Hi,
  I am still trying to wrap my head around sql clusters and AGs and I have a project that requires I take a vendor's database and restore it weekly so its available on the production server which is clustered.
  The vendor's database on the cluster is in an AG group and encrypted.
  Right now, I plan to restore the database on a sql staging server and use the SSIS Transfer SQL Server Objects Task to copy the table structure and data from Stage to the Production database of same name and I would first drop the objects in production
  database using the same task.
  I am concerned that this might cause issues with the passive cluster due to "logging" from active to passive. The database is about 260 MBs and I am not sure how many tables.
  Has anyone run into this type of scenario before or have a better solution?
  Thanks
  Sue

  IF I understand anything about clustered sql and logging, the sql server should take the log file and recreate the same scenario on the passive side of the cluster.
  Is that correct?
  Hi Sue,
  Yes, for AlwaysOn Availability Group, the transaction log is basically replayed from the primary to all of the secondary's.
  Besides, from my point of view, as we cannot directly restore a database that is part of an Availability Group, it is a good way using SSIS task to drop and recreate all tables then transfer data from the restored database to the primary replica. Schema changes
  and data changes will also happen on the secondary  replica.
  There are some similar links for your reference.
  http://dba.stackexchange.com/questions/21404/do-schema-changes-break-sql-server-2012-alwayson-or-are-they-handled-transpare
  http://blogs.msdn.com/b/sqlgardner/archive/2012/08/28/sql-2012-alwayson-and-backups-part-3-restore.aspx
  Thanks,
  Lydia Zhang
  If you have any feedback on our support, please click
  here.
  Lydia Zhang
  TechNet Community Support

• Aysnch Proxy calling from Inbound Proxy

  Hello Experts,
  My scenario:-
  Legacy sending File to Inbound proxy and from Inbound proxy I am calling the outbound proxy method to send the data back to Legacy system.
  Its like File request -Inbound Proxy- Outbound Proxy Response- File.
  FileRequest-Inbound Proxy----message in R3 as well in XI moni is successful.
  File Outbound response-File-----message in R3 is coming as empty and because of this the message fails in Xi moni.
  I tried to debug the scenario using test tab with the moni payload, I am able to see the data populated in debugging mode, But after the Outbound method is called the response message is coming is empty. commit work is also used inside outbound method.
  I tried every possible ways,but not getting any clue.
  chirag

  Hi,
  Just check...........in the inbound proxy code, the structure of the response msg is updated as the current structure of response msg.......may be you are filling the data in the old structure of response msg and then asssinging it in the outbound proxy call.......you need to fill the data in the new structure of response msg in your inbound proxy code.
  Regards,
  Rajeev Gupta

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• Using reverse proxy and terminating ssl on them

  Hello
  I am trying to set up IAS 9.03 on 2 machines one holding the infrastructure and one holding the midtier.
  We want to terminate the ssl traffic on reverse proxys on apache. I am not very good at this so i am looking for a solution i read that you can do this in the whitepapers on the subject IAS.
  Much thanks for any answer.
  Boris

  1) So initially we had the following:
  <Object name="reverse-proxy-/">
  Route fn="set-origin-server" server="http://server-backend"
  </Object>
  ... and when getting a 401 from the back-end server it would seem that entering credentials in the dialog prompt does not work as is OOB; had it worked we would not have attempted anything further and hence this post would not exist... if we directly access the back-end server our credentials work so that is not the issue.
  2) I agree that the "set-basic-auth" directive should be removed - as it is clearly to supply a user id and password - what was provided was a far fetched attempt to get this to work and will clearly remove it as well as the "forward-proxy-agent" and "forward-proxy-auth"
  When you configure Web Server 7.0 as a reverse proxy, basic auth should work out of the box. If it doesn't, I recommend looking at the HTTP messages to figure out what's gone wrong. If you don't know how to do that and you have a support contract, Sun support should be able to help you.That is interesting - is this OOB feature documented anywhere?
  I'll turn up the log level on the RP and see what happens - if I turn it high enough should I be able to see the request headers being forwarded; I'll also try to look at the backend server logs. Is there anything else you suggest - i.e. should be trying to snoop the traffic....

• Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application

  Hi Expert,
  I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
  My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
  Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
  I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
  Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
  I would know if the NGINX must be used also for SMP 2.3.
  Any suggestion/information is appreciated.
  Thanks in advance
  g.

  Please see Agentry Network Landscapes

• Apache reverse proxy and SSL termination

  Hi Guru's
      Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
  I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
  should i maitain any property. is there any documentation for it.
  Please help me
  Tom

  The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
  You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
  what level I need to configure SSL and how do I proceed in both scenarios?
  Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
  how do I proceed in both scenarios?
  From a portal perspective, the configuration should remain the same.
  Do I have to install SSL at portal, web dispatcher or at Apache level?
  SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
  See the following for possible SSL implementation options:
  http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
  https://cw.sdn.sap.com/cw/docs/DOC-115509
  Will SSL termination work for scenario 2?
  Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
  However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
  I would recommend you to take a step by step (backward approach).
  First, enable SSL on your portal and make sure it works - going directly to the server.
  Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
  Finally - you can test the end to end flow - with your Reverse proxy involved.
  - Shanti

• Need in depth knowledge about Certficate request and install for Reverse proxy and CAS role

  Hi,
  I have few confusions about Exchange 2010/13 certificate request and install. As per my understanding best practise is to assign public CA certificate to Reverse proxy and Local CA certificate to CAS servers but need to know that what should be the format
  of certificate request? Do we need to order public certificate just for mail.domain.com and add SAN for other web services URLs and is it required to add CAS array and server names to this certificate ? In what case we will add server names and what will happen
  if we don't add in it ? How the outlook clients connecting from internet will be using this certificate? I have very limited knowledge in certificates and it always pisses me off. Please help me with explanations and articles. I tried to google and gone through
  many articles but didn't get a fair idea. Thanks in advacnce. :) 

  Hi,
  Here are my answers you can refer to:
  1. Use the New-ExchangeCertificate cmdlet to generate a new certificate request:
  New-Exchangecertificate -domainname mail.domain.com, autodiscover.domain.com -generaterequest:$true -keysize 1024 -path "c:\Certificates\xxxx.req” -privatekeyexportable:$true –subjectname "c=US o=domain.com, CN=server.domain.com"
  2. CAS array name doesn’t need to be added in the certificate:
  http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
  3. It depends on the situation that you configured to add the server name.
  4. Outlook clients use certificate for authentication.
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Reverse Proxy and SLD on an Enterprise Portal 7.0

  Hi
  I need to configure SLD and Reverse Proxy on an Enterprise Portal Server.
  How do i do this...
  can you refer me to the applicable guides
  Thanks
  Kalyan

  Hello,
  Thank you to interest to my problem.
  Browser -
  SSL----
  > Firewall/DMZ (No SSL termination, all traffic forwarded to ISA Server). Yes but there is a port translation port 443 to 50201
  Firewall/DMZ -
  SSL----
  > ISA Servrer -- (SSL Termination)--. IN fact it is noit the ssl terminaison. But from this point the url is modify to reach the host with EP7.0
  ISA Server--SSL--
  > EP7.0 (port 502010) When I test my configuration I have the Message web page not found. With a capture software i have verified that the request is sent to my EP 7.0( url2). But no logon page appeares.  With the modification on line of the HTTP provider in the dispatcher, i have checked that the response contains the URL1 and the standard port. But none web page is displayed.
  Thank you for your help.
  Regards,
  Julien

• Reverse proxy and virtual servers

  Is it possible to have different reverse proxy setting for each virtual server.
  i.e.
  www.server1.com/app1 will reverse proxy to an app server
  www.server2.com/app1 will be a 404
  both server1 and server2 is the same webserver, but using different virtual servers.
  I sought of need like in the virtual manager how you can deploy a webapp under one virtual server, but not another one.
  I've read the reverse proxy documentation, but its quite skimpy on this subject.

  Yes, it is possible. You have two options:
  1. Use the same virtual server class for both virtual servers and use the <Client> tag to specify urlhost-specific configuration.
  2. Use a separate virtual server class (with a separate obj.conf file) for each virtual server.
  With option 1, part of your obj.conf file might look like the following:<Client urlhost="www.server1.com">
  NameTrans fn="assign-name" from="/app1(|*)" name="passthrough"
  </Client>With option 2, you would configure the Reverse Proxy Plugin in only one of the two obj.conf files.

• Reverse proxy and iWS 6.1 SP2?

  Hey all,
  i have 2 questions.
  Can i use reverse proxy (and pass proxy) with iWS 6.1 SP2?
  How must i configure the webserver to use this?
  I need the following thing:
  Client called https://server111.de/XXXXTruePassApp/ ---> Proxy get Data from https://server222.de/XXXXTruePassAppProxy/
  Under Apache looks like that with mod_proxy:
  ProxyPass /eCaSSTruePassApp/ https://server222.de/XXXXTruePassAppProxy/
  ProxyPassReverse /eCaSSTruePassApp/ https://server222.de/XXXXTruePassAppProxy/
  Thanks for help.
  Greets Chmeee-de

  Chmeee-de, I really don't think you should be using Sun ONE Web Server 6.1SP2. That version has known security vulnerabilities. Please consider applying the latest service pack, 6.1SP7.
  Have you downloaded the Reverse Proxy Plugin? Have you tried reading the Reverse Proxy Plugin release notes? The release notes for Reverse Proxy Plugin 6.1SP7 are at http://docs.sun.com/app/docs/doc/820-0262/6nc0vpnc2?a=view.
  Once you have the plugin installed and have edited the magnus.conf configuration file according to the release notes, you can add the following line immediately below the <Object name="default"> line in the obj.conf configuration file:NameTrans fn="assign-name" from="/XXXXTruePassApp/*" name="XXXXTruePassApp"This line indicates that requests for /XXXXTruePassApp/* should be serviced by an object named XXXXTruePassApp.
  You can then create an object named XXXXTruePassApp by adding the following to the bottom of the obj.conf configuration file:<Object name="XXXXTruePassApp">
  Service fn="service-passthrough" servers="https://server222.de"
  </Object>

• Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

  Hi,
  I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.
  However, the reverse proxy seems to make only a handful of connections to the servers compared to the number incoming client connections and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing based on the first HTTP get in a tcp stream and not on a per transaction basis AND our reverse proxy is multiplexing client requests. However, I can not convince myself of how the arrowpoint-cookie method actually works.
  I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

  Hi Gilles,
  I have implemented this today, and we are still seeing issues with requests hitting the wrong server.
  A bit more info, the reverse proxy is an AXG Web Aopplication Firewall. I have been looking at this and am considering disabling connection re-use on here.
  However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?
  Thanks, David.