Reverse Proxy behind a gateway

hi ,
I want to put a reverse Proxy behind the gateway. All the access Manager and the portal are behind the reverse proxy.Kindly, send me some steps on how to configure gateway to achieve this deployment.
thanks in advance
dhawanmayur

Hi ,
Below steps might help you.
Edit Platform.conf file of the gateway and set the following properties as follows
* gateway.enable.accelerator = true
* gateway.enable.customURl = true
* Append the reverse-proxy server hostname to the gateway.virtualhost property
* gateway.httpsurl = https://<reverse-porxy-host>:<reverse-proxy-host-no>/
Note: Don't miss the Fwd slash "/" at the end of the portNo: in https://hostname.india.sun.com:500/ <--
After that you might have to do URL mapping on the reverse proxy that you are using.

Similar Messages

How to configure ARR to Reverse Proxy to RD Gateway

We have an ARR server in the DMZ working fine providing reverse proxy for our internal Exchange Server 2013 environment and I've tried to create rules to allow access to the internal RD Gateway as well but when testing from an external client it never connects.
Does anyone have any configuration notes for how ARR should be configured to allow reverse proxy of RD Gateway?
Cheers for now
Russell

Hi,
I think you can refer this below article might get some insight from this case.
RD Gateway/RD Web Access & IIS Reverse Proxy/ARR
http://forums.iis.net/t/1210901.aspx?RD+Gateway+RD+Web+Access+IIS+Reverse+Proxy+ARR
Apart seem this as the configurations need to be done in IIS side, I would like to suggest you post the question in our IIS forum for further assistance.
http://forums.iis.net/
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN

Hi there,
I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to it's AD requirements etc).
What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
Thanks,
Paul.

Hi Paul,
It is generally considered more secure to have a reverse proxy in front of RDG. I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP. Whether
or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies. Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method
to provide an extra layer of protection.
-TP

Citrix Secure Gateway over https reverse proxy - mouse delay

Hello,
i've a citrix secure gateway 3.1 server behind BM 3.9 SP2. I've configured a https reverse proxy to the gateway webserver. the citrixfarm is in our internal lan. My problem is, that i've very strange delays in citrix applications with mouse movement. The delay is about 1-2 seconds. If i connect directly from the DMZ to the gatway server, no delay was happend? So, my idea is, that the reverse proxy is the problem? Any idea would help!
Is it possible to create filter exceptions, delete the reverse proxy, and connct directly per SSL to the citrix secure gateway server. If yes, can anyone tell me the filter exception rules.
Thanks for your help!
Regards,
Norbert

On 09/26/2012 05:16 PM, NSuttner wrote:
>
> Hello,
>
> i've a citrix secure gateway 3.1 server behind BM 3.9 SP2. I've
> configured a https reverse proxy to the gateway webserver. the
> citrixfarm is in our internal lan. My problem is, that i've very strange
> delays in citrix applications with mouse movement. The delay is about
> 1-2 seconds. If i connect directly from the DMZ to the gatway server, no
> delay was happend? So, my idea is, that the reverse proxy is the
> problem? Any idea would help!
>
> Is it possible to create filter exceptions, delete the reverse proxy,
> and connct directly per SSL to the citrix secure gateway server. If yes,
> can anyone tell me the filter exception rules.
>
> Thanks for your help!
>
> Regards,
> Norbert
>
>
tid7004603

Portal 10.1.2 with reverse proxy

Hi,
Does anybody configure Portal 10.1.2 working with reverse proxy behind the firewall?
I tried using generic docs and Metalink Notes 270160.1, 262451.1, unsuccessful.
I ended with SSO not starting at all.
Now i have fresh install without proxy and I am looking for some success reference.
Thanx
Jiri

What are you going to use for the Reverse Proxy?
1) Apache
2) Oracle Isapi IIS Plugin
3) Oracle HTTP Server
4) Webcache
I've been dealing with basically #1, #2 for the past month so I could have some info for you there. How is your MT's / Infra configured? same server, different servers? Will the proxy be in another server? Do you have webcache running?
I would suggest making sure it works internally first with the name that you want before putting the reverse proxy infront of it. I have 1 URL that works now both internally and externally though a reverse proxy.
It sounds like your having some SSO configuration related issues with your name. These are somewhat difficult to troubleshoot, so if needed open a TAR and Oracle Support can pretty quickly help you resolve those.

How to change Script path for Reserved.ReportViewerWebControl.axd when working behind reverse proxy?

Hi,
My application works behind a reverse proxy which has polices for secure and unsecure areas of the application. Architecture and Infra team is not willing to allow any root level policies in any case
When report viewer control is rendered on the page, it is adding a reference to the http handler Reserved.ReportViewerWebControl.axd in the script tag and the URL is at the root level. Unfortunately like other AjaxControlToolkit web resources I cannot modify
the URL to refer to the local script using ScriptManager.
Do we have any other property / means by which I can get this altered.
It is so unfortunate that the Microsoft.ReportViewer.WebForms assembly resources like scripts etc are not exposed as webresource at the assembly level and there is no way to modify this.
Does anyone has any solution to this?
Appreciate your help
Thanks in advance
Badal

Hi Badal,
Thank you for your question.
I am trying to involve someone more familiar with this topic for a further look at this issue. Sometime delay might be expected from the job transferring. Your patience is greatly appreciated.
Thank you for your understanding and support.
Thanks,
Alisa Tang
If you have any feedback on our support, please click
here.
Alisa Tang
TechNet Community Support

O-Portal behind reverse proxy, aliasing of o-portal url to generic url.

I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
Thanks,
Rainer

I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
John Z
Butler Mfg. Co.
[email protected]

SWF verification behind a reverse proxy cache

Hi!
If I place an set of FMS servers behind some reverse proxy caches, will I get problem with SWF verification if the cache layer caches the .f4m meta data file with the SWF verification data? Is there any documented best practice on the requirements to build large scale deployment with security enabled?
best regards
Johan Acevbedo

Hello Johan,
Is in your case drm is embedded inside the f4m??
HLS-VOD
Set the TTL for your f4m to max equal to an interval at which you are expecting the swf hashes to update.
For example, if you expect, you may add/remove swf hashes at interval of say 1 hr, then set the TTL for the f4m as say 50 min (10 min taken as allowed error in your estimation of swf hash update).
You may set HttpStreamingF4MMaxAge under hds-vod (if that is hds vod case) as per your required TTL. Most proxy cashes should ideally respect the TTL dictated by origin response an should re-request the f4m after that period.
HDS-LIVE
Otherwise if this is hds-live case, then I don't think drm is embedded into the f4m. Just verify. Drm is a serperate request. In that case, you can set TTL on drm (HttpStreamingDrmmetaMaxAge) request also under hls-live in httpd.conf.
Read more about these configs http://help.adobe.com/en_US/flashmediaserver/devguide/WSd391de4d9c7bd609a95b3f112a373a7115 -7fff.html#WSae20eaa80bf612516499f756131e06fb583-7fff
You can also set the drm update interval time in the recording section of the application.xml as per your need. Read more about the config at http://help.adobe.com/en_US/flashmediaserver/devguide/WSd391de4d9c7bd609a95b3f112a373a7115 -7fff.html#WSc1a546382286f18f-4a910076130ddc59d17-7ffe . Config setting will only update drm on the disk. But you will still have to set the proper TTL in Apache httpd.conf for the request of the DRM to be sent by the proxy to the origin to fetch it.
-Nitin

Reverse Proxy Different Gateway

I currently have a set up with BM running proxy services for my users and also reverse proxy form my websites. This BM server also runs as the default gateway for all internet based traffic. Is it possible to setup BM with a different default gateway but have the reverse proxy traffic continue to go out the current gateway.
I can go into more detail if needed
Ken

Extreme wrote:
> I currently have a set up with BM running proxy services for my users
> and also reverse proxy form my websites. This BM server also runs as the
> default gateway for all internet based traffic. Is it possible to setup
> BM with a different default gateway but have the reverse proxy traffic
> continue to go out the current gateway.
>
> I can go into more detail if needed
>
>
> Ken
>
>
No, you can not.
THe only way to see is to leave DG as it is and for outgoing http/https
traffic, use a hierarchy with another proxy on the new DG channel.

Logging Client-IP on IWC behind a reverse proxy

I've a Convergence 2 configuration where IWC is contacted through a reverse proxy. The reverse proxy sets Client-IP header.
I'ld like to log that Client-IP information in IWC log.
Is this possible?
Regards.

Dear Expert,
Can i know how do you config the reserve proxy to work with the uwc?
my network topology is:
machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
machine B: Messaging Server (MTA and store)
machine C: ldap and Identity server
the login page is https://commexp/uwc , after login, it divide to two main session.
Mail tab - https://commexp:80
Other tab - https://commexp/uwc
How can i set the reverse proxy for this configuration?
And which proxy are you using?
Thanks a lot!
Regards,
Angus
had the same problem, fix was -
>
>
in Uwcauth.properties changes
uwcauth.identity.login.url=http://bason.blah.com:81/am
server/UI/Login
AMconfig.properties changes
com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
blah.com
with the hostname (bason.blah.com) being the *uwc
server* with reverse proxy on it
for some fun have a look at the url you are directed
too - in particular the parameters on the url...
can anyone say "SECURITY HOLE"?

Uwc behind a reverse proxy asks for internal urls

Hi,
I have an uwc on the msg store. I try to access it through a web reverse proxy, but after the login page which appeared allright, the url is transformed to a internal url which is invalid from the normal outside scope.
Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
Thanks
Fran�ois

Dear Expert,
Can i know how do you config the reserve proxy to work with the uwc?
my network topology is:
machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
machine B: Messaging Server (MTA and store)
machine C: ldap and Identity server
the login page is https://commexp/uwc , after login, it divide to two main session.
Mail tab - https://commexp:80
Other tab - https://commexp/uwc
How can i set the reverse proxy for this configuration?
And which proxy are you using?
Thanks a lot!
Regards,
Angus
had the same problem, fix was -
>
>
in Uwcauth.properties changes
uwcauth.identity.login.url=http://bason.blah.com:81/am
server/UI/Login
AMconfig.properties changes
com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
blah.com
with the hostname (bason.blah.com) being the *uwc
server* with reverse proxy on it
for some fun have a look at the url you are directed
too - in particular the parameters on the url...
can anyone say "SECURITY HOLE"?

401 Unauthorized: Running portal behind an APACHE reverse proxy

Hello to all,
we've got following scenario:
www <-HTTPS-> APACHE (external SSL termination) <-HTTPS-> portal
If I call the internal URL (https://backend.xy.de:443/irj/portal) of the portal,
I'll be redirected to the logon servlet and logon to the portal application is possible.
Now we set up a APACHE reverse proxy in oder to access the portal from internet.
I've set up a virtual host:
<VirtualHost test.xy.de:443>
     <Location />
          ProxyPass https://backend.xy.de:443/
        ProxyPassReverse /
     </Location>
</VirtualHost test.xy.de:443>
But now if I call the portal application https://test.xy.de/irj/portal I get the following error:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Any idea how to fix this?
Regards Christian

Hello Tobias,
I have adapted your idea, but without success.
I've checked the cookies. No cookies are delivered by the J2EE-Server.
HTTP-ResponseHeader contains following entries:
HTTP/1.1 401 Unauthorized
Date: Thu, 26 Jan 2012 08:31:55 GMT
WWW-Authenticate: Negotiate
Content-Length: 381
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
But its a bit strange.
If I call url https://xy.de/index.html the start page will be displayed.
A log on to system information is possible, but if I try to open the nwa, I get the same error.
So I think this is a problem with the logon servlet. Sites with basic-authentication work.
Calling the logon servlet direct https://xy.de/logon/logonServlet I get the same error.
I don't think, there is a problem with the apache configuration.
If I change the ProxyPass directive to another J2EE server everything works fine.
There is only one difference between both system.
System 1 (error system) is a SAP Netweaver 7.01 SP10
The other system is a SAP Netweaver 7.02 SP 9
Regards Christian
Edited by: Christian Kaiser on Jan 26, 2012 9:53 AM

ACE behind Reverse Proxy - performance issue

Hi,
I've got a config working to accommodate the required use of reverse proxy servers infront of my application servers. Traffic comes into the Front ACE and I insert a header "SRCIP" with the original client IP address which is preserved through the Rev Proxy servers and is then inspected on the Back ACE to create a sticky to a given application server/SRCIP pairing. The use of the RP's appears to require using the persistence-rebalance option otherwise the traffic get stuck to the wrong app server. The app functions perfectly with this config; however, there is a severe performance impact. Using load-runner, we see response times go from 1.5 seconds to 16 seconds for the same transactions comparing this config to a previous config which used static sticky to bind the RP to the app servers..
Question: Is there a better way to do this and remain dynamic, or some way to optimize this approach to reduce the performance impact.
Relevant Config for both ACE's here:
!!Front ACE
parameter-map type http HTTP_REBAL
persistence-rebalance
length-exceed continue
sticky ip-netmask 255.255.255.255 address source ALPHA-SRCIP-sticky
timeout 60
replicate sticky
serverfarm ALPHA
policy-map type loadbalance first-match vip-R1A-ALPHA
class class-default
    sticky-serverfarm ALPHA-SRCIP-sticky
    insert-http SRCIP header-value "%is"
policy-map multi-match PREP-VIP
class VIP-ALPHA-R1A
    loadbalance vip inservice
    loadbalance policy vip-R1A-ALPHA
    appl-parameter http advanced-options HTTP_REBAL
    ssl-proxy server SSL_ALPHA_R1A
!!Back ACE
parameter-map type http HTTP_REBAL
persistence-rebalance
length-exceed continue
sticky http-header SRCIP ALPHA-SRCIP-sticky
timeout 60
replicate sticky
serverfarm coresoms-ALPHAfarm
class-map type http loadbalance match-all SRCIP-MAP
2 match http header SRCIP header-value ".*"
policy-map type loadbalance first-match vip-lb-ALPHA
class SRCIP-MAP
    sticky-serverfarm ALPHA-SRCIP-sticky
policy-map multi-match lb-vip
class VIP-ALPHA
    loadbalance vip inservice
    loadbalance policy vip-lb-ALPHA
    appl-parameter http advanced-options HTTP_REBAL

Hi Joseph,
To achieve this you need to do stickiness based on some L7 parameter (either the header you are currently using or some cookie), so, whatever you do you will have to use persistence rebalance.
I have one possible theory for your issue.
The ACE has two different ways of treating the L7 connections internally, that we call "proxied" and "unproxied". In essence, the proxied mode means that the traffic will be processed by one of the CPU (normally to inspect/modify the L7 data), while, on the unproxied mode, the ACE sets up a hardware shortcut that allows forwarding traffic without the need to do any processing on it.
For a L7 connection, the ACE will proxy it at the beginning, and, once all the L7 processing has been done it will unproxy the connection to save resources. Before it goes ahead with the unproxying, it needs to see the ACK for the last L7 data sent. This wait, on a Internet environment can introduce around 100-200ms of delay for each HTTP request, which can end up adding into a very big delay. By default, if the ACE sees that the RTT to the client is more than 200ms, the connection will never be unproxied to avoid these delays, so I think we could fix your issue by tweaking this threshold.
From what you described, I asssume you don't have many connections (because they all come through a proxy) and that the connections will have a lot of HTTP requests inside. With that in mind, I would suggest setting the threshold to 0 to ensure to keep connections always proxied. To do this, you would nee to configure a parameter map like the one below and add it to your VIP
    parameter-map type connection
      set tcp wan-optimization rtt 0
Even though this setting may avoid your issue, it also has some drawbacks. The main one is that the ACE20 only supports up to 512K simultaneous L7 connections in proxied state (which includes also the connections towards the servers, so, it would be 250K for client connections), so, if the amount of simultaneous connections reaches that limit, new connections would be dropped. The second issue, although not so impacting, would be that the maximum number of connections per second supported would also go down slightly due to the increased processing needed.
I hope this helps
Daniel

Lync Reverse Proxy Alternatives

When migrating from OCS 2007 to Lync 2010, we balked Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services.
TMG is way too expensive and complex for such a limited, simple use case.
I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
We decided to use Apache 2.2 on Windows Server 2008 R2.
Here's how we configured it:
Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy.
http://technet.microsoft.com/en-us/library/gg398069.aspx
Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server.
http://httpd.apache.org/download.cgi
We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
Use the Certificates MMC on your front end server to export the certificate and include the private key.
Transfer the resultant .pfx file to your reverse proxy server.
Use OpenSSL to convert your .pfx file to PEM:
openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem –nodes
Separate the private key from the certificate using notepad:
Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag.
Save that text to a new file named
yourcert.key.
Save
yourcert.pem, which should now only include the certificate.
Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl
for storing the certificates.
Edit httpd.conf (typically in
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
(See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
for more information on each directive)
Uncomment the following lines, which will enable proxy and SSL:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Add the following lines to configure reverse proxy behavior:
#Be a reverse proxy, not a forward proxy
ProxyRequests Off
#Accept requests from any client to any URL
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
#Set the network buffer to improve throughput
ProxyReceiveBufferSize 4096
#Configure the Reverse Proxy to forward all requests to your front end server on 4443
ProxyPass / https://yourfrontend.domain.com:4443/
ProxyPassReverse / https://yourfrontend.domain.com:4443/
#Preserve Host Headers for Lync
ProxyPreserveHost On
Optionally, configure logging directives, bindings and server name.
Save and close httpd.conf
Edit httpd-ssl.conf (typically in conf\extra):
Configure the session cache:
Uncomment:
SSLSessionCache “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”
Comment out:
SSLSessionCache “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
Locate the <VirtualHost _default_:443> tag and configure the following:
Add the following directive:
SSLProxyEngine On
Configure the path to your SSL Certificate saved in step 3-5 above:
SSLCertificateFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem”
Configure the path to your private key saved in step 3-5 above:
SSLCertificateKeyFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key”
Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
Optionally, configure logging directives.
Save and close httpd-ssl.conf
Restart the Apache2.2 service
Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of
the reverse proxy to talk to the front end Lync server on 8080 and 4443.
From an external connection, test connectivity through the reverse proxy:
Test
https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
Test the Lync Web App by setting up an online meeting and following the URL to join the meeting.
You can force the use of the web app by appending ?sl= to the end of the meet.company.com link.
See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
Hope this information is helpful and saves some of you some money and trouble.
Please contact me if you need further clarification or see any mistakes in my notes.
Best regards,
Kenneth Walden
Enterprise Systems Supervisor
GSD&M
Austin, TX

I'd like to thank you for this article. We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product. Anyways, your
blog saved me a LOT of headache. I owe you big time.
AWESOME JOB.
-Greg
*****EDIT***
Decided to come back in there and post good information. We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting. The "DIALUP" url was working fine but the "MEETING" url was broken. On our WFE servers we were getting
the event error as below.   Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON". Once we put that in there ALL was good.
Notice that the MEET portion was the only thing that was really broken. So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but you're RP is sending the wrong HEADER. Look for
http://10.x.x.x/meet/ or soemthing in the event logs.
Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          11/16/2011 1:26:35 PM
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      OneofMyInternalWFEservers.local
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/16/2011 1:26:35 PM
Event time (UTC): 11/16/2011 6:26:35 PM
Event ID: b2039ecd0a62482284030f62e1e639d8
Event sequence: 129
Event occurrence: 28
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
    Trust level: Full
    Application Virtual Path: /meet
    Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
    Machine name: MYWFE.local
Process information:
    Process ID: 14204
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
    Exception type: HttpException
    Exception message: Server cannot append header after HTTP headers have been sent.
Request information:
    Request URL:
https://FQDN:4443/meet/MyName/456456
    User host address: gatewayIP
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
    Thread ID: 7
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: False
    Stack trace:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="32768">1309</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-11-16T18:26:35.000000000Z" />
    <EventRecordID>4483</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXXXXXXXXXXXXXX</Computer>
    <Security />
</System>
<EventData>
    <Data>3005</Data>
    <Data>An unhandled exception has occurred.</Data>
    <Data>11/16/2011 1:26:35 PM</Data>
    <Data>11/16/2011 6:26:35 PM</Data>
    <Data>b2039ecd0a62482284030f62e1e639d8</Data>
    <Data>129</Data>
    <Data>28</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/34578/ROOT/meet-1-129658725547585993</Data>
    <Data>Full</Data>
    <Data>/meet</Data>
    <Data>C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\</Data>
    <Data>SNKXS300</Data>
    <Data>
    </Data>
    <Data>14204</Data>
    <Data>w3wp.exe</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>HttpException</Data>
    <Data>Server cannot append header after HTTP headers have been sent.</Data>
    <Data>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
    <Data>/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
    <Data>10.71.1.1</Data>
    <Data>
    </Data>
    <Data>False</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>7</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>False</Data>
    <Data>   at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
</Data>
</EventData>
</Event>

Web Server 7 Reverse Proxy URI Config

I am testing WS 7.2 to replace WS 6.1 and need input on the configuration of the reverse proxy setup. We currently are using the reverse proxy plugin on our 6.1 servers but I cannot get the same configuration to work on 7.2. I have followed the admin document but I don't want to use / as my URI. I need to only proxy requests for URLs that end in *cfm. Can I configure the new server to work like the 6.1 version?
6.1 Config
=======
obj.conf
NameTrans fn="assign-name" from="(*.cfm)" name="passthrough"
<Object name="passthrough">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service type="magnus-internal/passthrough" fn="service-passthrough" servers="http://host:8281"
Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
</Object>
magnus.conf
Init fn="load-modules" shlib="/opt/SUNWwbsvr/plugins/passthrough/libpassthrough.so" funcs="init-passthrough,auth-passthrough,check-pass
through,service-passthrough" NativeThread="no"
Init fn="init-passthrough"

In Web Server 7.0 you can use built in reverse proxy feature rather than using libpassthrough.so
configuring reverse proxy
http://docs.sun.com/app/docs/doc/820-2202/gdabp?l=en&a=view
http://docs.sun.com/app/docs/doc/820-2204/create-reverse-proxy-1?l=en&a=view
More information about map SAF :
http://docs.sun.com/app/docs/doc/820-2203/gdhnz?l=en&a=view
set-origin-server sAF:
http://docs.sun.com/app/docs/doc/820-2203/gdhqc?l=en&a=view
Blogs :
http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun

Reverse Proxy behind a gateway

Similar Messages

Maybe you are looking for