Reverse Proxy Pbm Rewriting Location

Sun Java Web Proxy Server v4.0.7 is running on Windows 2003 Server.
The SJWP server is running as a reverse proxy for the following domains:
app.example1.com
appmgt.example1.com
I have configured the SJWP server to use Virtual Multihosting in Reverse Proxy:
app.example1.com --> app.example2.com
appmgt.example1.com --> appmgt.example2.com
The SJWP server routes all requests through another web proxy (squid), but this is acting a a forward proxy.
The SJWP server has a Content URL Rewriting filter (because all pages within example2.com use fixed path URLs, not relative ones):
Source Pattern: example2.com
Destination Pattern: example1.com
MIME Type: *
At one point, when trying to load a page from app.example1.com (app.example2.com) -- the page attempts to do a Location redirect from app.example1.com to app.example2.com, and this fails since the client does not know about example2.com.
The problem seems to be that the SJWP server is not rewriting the Location header.
What do I need to do to get the SJWP rewrite the Location header? Shouldn't the virtual multihosting config handle this?
Edited by: macdsg on Jul 31, 2008 10:41 AM

No, a virtual multihosting configuration does not do rewriting of "Location" headers.

Similar Messages

Non-Oracle Apache as Front-end/reverse proxy?

Hi,
The question I have is kind of OID-related, but I think is more relevant to OAS, so I hope that I'm posting this in the right forum.
We have an existing OID instance, using the Apache 1.3-based OHS, and up till now, users have been accessing the OID/OIDDAS web-interface directly, e.g., by going to http:<hostname>:7777/oiddas, then signing in.
We also have a (non-Oracle OHS) enterprise-wide Apache 2.x-based reverse-proxy, and they want to be able to reverse-proxy through this Apache 2.x to the OID web interface.
We tried adding the <Location> sections to the Apache 2.x reverse proxy, e.g.:
<Location /oiddas>
ProxyPass http://<hostname>:7777/oiddas
ProxyPassReverse http://<hostname>:7777/oiddas
</Location>
<Location /pls>
ProxyPass http://<hostname>:7777/pls
ProxyPassReverse http://<hostname>:7777/pls
</Location>
Then, when we go to http://<apache-2.0-reverse-proxy-hostname>/oiddas, we get the initial page with the "Login" link. But, when we click on the "Login" link, we are getting a "Forbidden" error (HTTP 403 error).
Has anyone configured something like this before? What else do we need to configure in the Apache 2.x reverse-proxy?
Thanks,
Jim

Hi,
I just stood up a new test instance of 10gAS (only one I had the install files for), and I can access the oiddas via port 7777, i.e., http://<hostname>:7777/oiddas.
I setup a reverse-proxy to it on a separate Apache 2.x instance, and it looks like at least part of the problem is that when I access via the proxy, the 10gAS sends back redirects (HTTP 302) responses with Location headers with the original <10gAS_hostname>:7777.
In other words, I do the original access using http:<proxy_hostname>/oiddas, but then when I click the "Login" link, the 10gAS redirects my browser to http://<10gAS_hostname>:7777/pls/orasso (to go to the SSO server).
This doesn't explain why were were seeing the 403 errors at work, but I think that, as suggested in that webpage that I linked earlier, there are re-directs that may not be totally visible going on, i.e., you can't "just" setup the Apache reverse-proxy with the <Location> directives.
Thus far, I haven't been able to replicate the 403 error problem that we had...
Jim

IIS Reverse Proxy with URL rewrite.

Hi all, hoping to leverage the wealth of knowledge contained here.
Any assistance would be very welcome.
I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
I need to redirect all requests with a specific virtual directory suffix only.
ie; https://domain.test.com/outbound/Content/query_etc
With /Outbound/ being the trigger.
This should be redirected to http://10.10.10.10/inbound/Content/query_etc
While at the same time, requests without the /outbound/ suffix should be handled locally.
I have configured the reverse proxy as described in a few articles, and have had no luck.
Here's a snippet from my (sanitized) web.config at the site level.
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
<action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="^outbound/(.*)" />
<action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
</rules>
</rewrite>
To me, this looks correct, yet it doesn't work.
With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

Hi Andrew,
Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
By using URL Rewrite Module together with
Application Request Routing module you can have IIS 7 act as a
reverse proxy.
It seems like URL Rewrite can't re-route the request somewhere else out of the server.
Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc it will fail with 404.
Hosting multiple domain names under a single account using URL Rewrite.
It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
References:
How to create a url alias using IIS URL Rewrite:
http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
Reverse Proxy with URL Rewrite v2 and Application Request Routing:
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

Some of our installations use the Sun Web Server 7.0 (update 1, usually)
for hosting some of the public resource and reverse-proxying other parts
of the URI namespace from other backend servers (content, application
and other types of servers).
So far every type of backend server served a unique part of the namespace
and there was no collision of names, and the backend resources were
published in a one-to-one manner. That is, a backend resource like, say,
http://appserver:8080/content/page.html would be published in the internet
as http://www.publicsite.com/content/page.html
I was recently asked to research whether we can rename some parts of
the public URI namespace, to publish some or all resources as, say,
http://www.publicsite.com/data/page.html while using the same backend
resources.
Another quest, possibly related in solution, was to make a tidy url for the
first page the user opens of the site. That is, in the current solution when
a visitor types the url "www.publicsite.com" in his or her browser, our web
server returns an HTTP-302 redirect to the actual first page URL, so the
browser sends a second request (and changes the URL in its location bar).
One customer said that it is not "tidy". They don't want the URL to change
right upon first rendering the page. They want the root page to be rendered
instantly i the first HTTP request.
So far I found that I can't solve these problems. I believe these problems
share a solution because it relies on ability to control the actual URI strings
requested by Sun Web Server from backend servers.
Some details follow, now:
It seems that the reverse proxy (Service fn="service-passthrough") takes
only the $uri value which was originally requested by the browser. I didn't
yet manage to override this value while processing a request, not even if
I "restart" a request. Turning the error log up to "finest" I see that even
when making the "service-passthrough" operation, the Sun Web Server
still remembers that the request was for "/test" (in my test case below);
it does indeed ask the backend server for an URI "/test" and that fails.
[04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
fn="service-passthrough" rewrite-host="true" rewrite-location="true"
servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
# this causes /content/* to be taken from another (backend) server
NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
# this causes requests to site root to be HTTP-redirected to a certain page URI
<If $uri =~ '^/$'>
    NameTrans fn="redirect"
        url="http://www.publicsite.com/content/MainPage.html"
</If>
<Object name="content-test">
### This maps http://public/content/* to http://10.16.2.127:8080/content/*
### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
    Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
    Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
</Object>
I have also tried "restart"ing the request like this:
    NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
    Service fn="set-variable" uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
//Jim

Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
I was recently asked to research whether we can rename some parts of
the public URI namespace, to publish some or all resources as, say,
http://www.publicsite.com/data/page.html while using the same backend
resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
yes, you could do something like
- edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
<Object name=¨default¨>
<If $uri = ¨/page/¨>
#move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
NameTrans.. fn=map
</If
</Object>
and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
<install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
<install-root>/bin/wadm deploy-config --user=admin <hostname>
you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
>
One customer said that it is not "tidy". They don't want the URL to change
right upon first rendering the page. They want the root page to be rendered
instantly i the first HTTP request.
please check out the rewrite / restart SAF. this should help you.
http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
It seems that the reverse proxy (Service fn="service-passthrough") takes
only the $uri value which was originally requested by the browser. I didn't
yet manage to override this value while processing a request, not even if
I "restart" a request. Turning the error log up to "finest" I see that even
when making the "service-passthrough" operation, the Sun Web Server
still remembers that the request was for "/test" (in my test case below);
it does indeed ask the backend server for an URI "/test" and that fails.
now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
feel free to post to us if you need any futher help
you are probably better off - starting fresh
- install ws7u4
- use gui or CLI to create a reverse proxy and map one on one - say content
http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
<install-root>/bin/wadm disable-java user=admin config=<hostname>
<install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
<install-root>/bin/wadm deploy-config --user=admin <hostname>
now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
>
I have also tried "restart"ing the request like this:
NameTrans fn="restart" uri="/data"
ordering is very important here... you need to do this some thing like
<Object name=default>
<If not $restarted>
NameTrans fn=restart uri from=/¨ uri=/foo.
</If>

Reverse Proxy - Apache vs SAP Web Dispatcher

Hi,
my config consists in a portal (EP7.0 - DB/CI + AS) and an ECC system (ECC 6.0 - DB/CI + AS).
Web developments are based on Abap Web Dynpro and are also located on ECC.
To ensure load balancing there are 2 web dispatchers : one on EP DB/CI, one on ECC DB/CI.
Those 2 systems are located in intranet. Intranet access are realized via http.
Moreover I need to open this solution to internet. I need a component to filter access in DMZ and ensure reverse proxy + https functions.
Technical target chain links are depicted below.
internet access : browser (https) -
> (https) reverse proxy in DMZ (http) -
> IS (Portal/ECC)
intranet access : browser (http) -
> IS (portal/ECC)
At the moment two application gateway solutions have been identified :
Apache (MOD_PROXY + MOD_HTTPS) - My configuration is based on Linux
SAP Web Dispatcher ("cascading" implementation as described in OSS note 740234)
I'm looking for PROs and CONs of those 2 solutions and I'm also seeking for the impact of ensuring https encryption/decryption at the application gateway level ("a priori" this usage is not transparent in term of server sizing - CPU/memory, do I require to implement an SSL accelerator ?).
Regards.
Frederic.

Hi,
PRO Webdispatcher:
- Supports SAP Java + ABAP
- Loadbalancing of SAP applications (stateful)
- Supports load balancing (saplb_* cookie)
- Free of costs
- easy to set up (up & running in 2 minutes)
- Supports HA solutions out-of-the-box (process HA)
- Filter + Rules to modify the requests
CONS Webdispatcher
- not a full reverse proxy
- Limited functionality
- one more server/solution (normaly, a company already does have a reverse proxy solution in place)
- limited user base (only SAP customers)
PRO Apache
- free
- widly in use
- full reverse proxy
- allows more complex filtering / rewriting
- can be used for more web solutions, reuse of existing apache reverse proxy
CONS Apache
- does not support SAP load balancing (connection to the message server port for load distribution)
- can be more complex to set up
- SAP specific technology / problems are more harder to fix (ABAP, Stateful connections, sap_lb*)
Short: both will server well as a reverse proxy.
Rule of thumb: If you go for Apache or Web Dispatcher should mainly depend on you current IT landscape. If you already do have an apache in use, use Apache. You already have the people / knowledge, try to foster it .
If you start from scratch and have SAP Logon Groups or many WebDynpro ABAP applications, go for the Web Dispatcher.
br,
Tobias

Load Balancing in Reverse Proxy Mode

Hi,
Is the HTTP Load Balancing function working only in the Routing context or works it generally. I set the SJWPS as a Reverse Proxy like this
NameTrans fn="reverse-map" from="http://server1.domain.de" to="http://proxy.domain.de" rewrite-location="false" rewrite-content-location="false"
NameTrans fn="map" from="http://proxy.domain.de" to="http://server1.domain.de" rewrite-host="false"
NameTrans fn="map" from="/" to="http://server1.domain.de" rewrite-host="false"
Now the Proxy should do Load balancing with a second, mirrored server like http://server2.domain.de. How could I configure that?
Please help me.
InfoSeeker09
Edited by: InfoSeeker09 on Sep 11, 2009 2:18 AM

if you need to route / provide load balancing between 2 hosts, then you will need to have Route SAF . you can use web server 7 reverse proxy cli or gui to get this. however, you might want to start from a fresh configuration to avoid reverse-map / map that you have experimented with does not overlap with the 'Route' functionality that you seem to need here
here are some reference content
http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun
http://www.sun.com/bigadmin/features/articles/web_server_zones.jsp

Reverse proxy with apache2

Hi folks,
I have a huge problem here. I have a apache 2.0.50 on a Linux system that is to act as a reverse proxy for an enterprise portal. I have set up the apache to do reverse proxying and so far I have made first success. I can get to the login page of the portal and I even managed to make it show the images. The problem is, when I try to log on to the portal I am always send back to the logon page in the very instance. If I enter the wrong logon information I see the authorization failed text, but when I enter correct information I only see the logon page again.
I will put tyhe relevant part of my httpd.conf to this message and hope someone can point me to the right location or maybe even tell me what I'm doing wrong.
And ny the way, the portal itself works perfectky when connected directly.
Kind regards,
   Christian Guenther
Reverse proxy configuration ############################################
NameVirtualHost 172.30.210.96
<VirtualHost 172.30.210.96>
   ServerAdmin [email protected]
   ServerName host.external.de
SSL is turned off at the moment
   SSLEngine Off
   SSLCertificateFile /etc/apache2/ssl.crt/proxy.cert.cert
   SSLCertificateKeyFile /etc/apache2/ssl.key/proxy.cert.key
Set up as a proxy for internal SAP systems
   ProxyRequests Off
   ProxyPreserveHost Off
   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>
IRJ
<Location /irj/>
    ProxyPass http://host.internal.lan:8001/irj/
    ProxyPassReverse http://host.internal.lan:8001/irj/
rewriting rules for proxy
    RewriteEngine On
    RewriteCond % \.jsp
    RewriteRule ^(.+) % [P]
    RewriteCond % \.servlet
    RewriteRule ^(.+) %
Portal
rewriting rules for proxy
[P]
</Location>
<Location />
    ProxyPass http://host.internal.lan:8001/
    ProxyPassReverse http://host.internal.lan:8001/
    RewriteEngine On
    RewriteCond % \.jsp
    RewriteRule ^(.+) % [P]
    RewriteCond % \.servlet
    RewriteRule ^(.+) % [P]
</Location>
</VirtualHost>

This is a valid configuration for an Apache Reverse Proxy:
ThreadsPerChild 250
MaxRequestsPerChild 0
ServerRoot /usr/local/apache2
Listen 443
#LoadModule dir_module modules/mod_dir.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule include_module modules/mod_include.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule access_module modules/mod_access.so
#LoadModule auth_module modules/mod_auth.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_module modules/mod_mime.so
#LoadModule env_module modules/mod_env.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule setenvif_module modules/mod_setenvif.so
LoadModule alias_module modules/mod_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule ssl_module modules/mod_ssl.so
ServerAdmin [email protected]
ServerName your.servername.com
UseCanonicalName Off
make sure zou include these with valid entries...
Include conf/log.conf
Include conf/mime.conf
Include conf/default.conf
Include conf/ssl.conf
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
this is for the MS IE SSL bug
BrowserMatch ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0#
force-response-1.0
Header add P3P CP="NOI"
Proxy with caching
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
CacheRoot /usr/local/apache2/Cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
<VirtualHost *:443>
    ServerName your.servername.com
    ServerAdmin [email protected]
Set the level of log entries - debug produces A LOT of messages
    LogLevel debug
    ErrorLog logs\error.log
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog logs\access.log common
NEVER turn this On, it would create a forward proxy
    ProxyRequests Off
    ProxyPreserveHost On
it is important that the proxy uses active protocol used in the
internet section of the request
    RequestHeader set ClientProtocol https
    Header add P3P CP="NOI"
we need to answer HTTPS requests, so we need an ssl engine
    SSLEngine On
and a cipher suite plus certificate
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
    SSLProtocol all -SSLv2
of course these entries have to be adopted
    SSLCertificateFile conf/certs/server.crt
    SSLCertificateKeyFile conf/certs/server.key
    SSLOptions +StdEnvVars
this is for the bloody MS IE - I don't know why, but they seem to
have trouble learning in redmond
    BrowserMatch ".MSIE." \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request.log \
          "%t %h %x %x \"%r\" %b"
below are the proxied hosts - you always need ProxyPass
AND ProxyPassReverse otherwise it will not work correctly
ITS
    #ProxyPass /iac/               http://itsserver:8081/iac/
    #ProxyPassReverse /iac/          http://itsserver:8081/iac/
direct portal connection              this ought to be the IP
    ProxyPass /irj/               http://10.8.1.14:50000/irj/
    ProxyPassReverse /irj/          http://10.8.1.14:50000/irj/
    ProxyPass /logon/               http://10.8.1.14:50000/logon/
    ProxyPassReverse /logon/          http://10.8.1.14:50000/logon/
Rewrite Rule in case ICM puts session information in URL
NEVER REALLY HARMS
    RewriteEngine On
    RewriteRule ^/(sap\(.*) http://10.8.1.14:50000/$1 [P,L]
    #ProxyPass /chooselogin/          http://10.8.9.0:50000/chooselogin/
    #ProxyPassReverse /chooselogin/     http://10.8.9.0:50000/chooselogin/
</VirtualHost>

ACE 4710, reverse proxy?

Hello All,
Please forgive my ignorance but can the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time. Thanks for your input.

Hi Mate,
The reverse proxy servers can perform many tasks, like:
Note: this info from Wikipedia: http://en.wikipedia.org/wiki/Reverse_proxy
Reverse proxies can hide the existence and characteristics of the origin server(s), The ACE will do that.
Application firewall features can protect against common web-based attacks. Without a reverse proxy, removing malware or initiating takedowns, for example, can become difficult, The ACE has some built-in security features, you can refer to this document for full detail:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_7/configuration/security/guide/securgd.html
In the case of secure websites, the SSL encryption is sometimes not performed by the web server itself, but is instead offloaded to a reverse proxy that may be equipped with SSL acceleration hardware. The ACE can do this:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_7/configuration/ssl/guide/sslgd.html
A reverse proxy can distribute the load from incoming requests to several servers, with each server serving its own application area. In the case of reverse proxying in the neighborhood of web servers, the reverse proxy may have to rewrite the URL in each incoming request in order to match the relevant internal location of the requested resource. The ACE can do that perfectly.
A reverse proxy can reduce load on its origin servers by caching static content, as well as dynamic content. Proxy caches of this sort can often satisfy a considerable amount of website requests, greatly reducing the load on the origin server(s). Another term for this is web accelerator. A reverse proxy can optimize content by compressing it in order to speed up loading times. Please check this link for more detail about ACE Application Acceleration and Optimization:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_7/configuration/app_acc_and_opt/guide/appaccoptgd.html
Best regards,
Ahmad

Reverse proxying EM

hi,
Among of couples of web sites, oracle EM is recently behind Apache reverse proxy, i'm using mod_proxy and mod_proxy_http, the problem is that the images don't appear due to URL resolution. I know about apache_proxy_html but i'm asking if there is another alternative of this one.
thanks.

8081 is the application server port.
even this fails
NameTrans fn="map" from="/uwc" to="http://192.168.1.34/uwc"
NameTrans fn="reverse-map" from="http://192.168.1.34/uwc" to="http://192.168.1.34:8082/uwc" rewrite-location="true" rewrite-content-location="true"
it directs me to
http://192.168.1.34/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0 after login which means the source webserver
but if i specify the port within the above url it works
http://192.168.1.34:8082/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0
which means that the proxy is getting the contents but it redirects to the source url and doesn't rewrite it with the proxy url
how can i solve it?

Reverse Proxy Configuration help Needed

Hi,
What steps should i follow if i have both Sun Web Server 6.1.
Web Server 1 - http://192.168.20.40:768 (Want to use this as reverse proxy)
Web Server 2 - http://201.192.30.20:1010
Can anyone please guide me what changes i should do in obj.conf and magnus.conf.
Add this line in Magnus.conf
Init fn="load-modules" shlib="/appl/sunjs/SUNWwbsvr/plugins/passthrough/libpassthrough.so"
This libpassthrough.so location is in the Server 1.
Add the below line in obj.conf
<Object name="passthrough">
Service fn="service-passthrough" servers="http://team.yahoo.co.nz:1010"
</Object>
Do i need to do any changes to the obj.conf and magnus.conf in the Server 2.
Please let me know if i am going wrong.
Regards,

Hi,
Reverse Proxy Web Server - http://Sol9-dev.uname.yahoo.co.nz:8002
All request Want to redirect to - http://Sol10-dev.uname.yahoo.co.nz:8080
Obj.Conf
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="assign-name" from="/amserver(|/*)" name="reverse-proxy"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn=pfx2dir from=/mc-icons dir="/appl/sunjs/SUNWwbsvr/ns-icons" name="es-internal"
NameTrans fn=document-root root="$docroot"
PathCheck fn=unix-uri-clean
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
PathCheck fn=validate_session_policy
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Service method=TRACE fn=service-trace
Error fn="error-j2ee"
AddLog fn=flex-log name="access"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="cgi">
ObjectType fn=force-type type=magnus-internal/cgi
Service fn=send-cgi user="$user" group="$group" chroot="$chroot" dir="$dir" nice="$nice"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="send-compressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
<Object ppath="*/dummypost/sunpostpreserve*">
Service type=text/* method=(GET) fn=append_post_data
</Object>
<Object ppath="*/UpdateAgentCacheServlet*">
Service type=text/* method=(POST) fn=process_notification
</Object>
<Object name="reverse-proxy">
Service fn="service-passthrough" servers="http://sol10-dev.uname.yahoo.co.nz:8080"
</Object>
Log Messages
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/, ntrans-j2ee reports: directory listing for context "/amserver"
[22/Apr/2008:13:36:11] fine ( 4761): GET requests for virtual server https-Sol9-dev-pa.uname.yahoo.co.nz can safely bypass ACL checks
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/index.html, service-passthrough reports: PASS1022: passing request to http://Sol10-dev.uname.yahoo.co.nz:8080
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/index.html, service-passthrough reports: PASS1037: not rewriting "Location: http://Sol9-dev.uname.yahoo.co.nz:8002/amserver/index.html" from http://Sol10-dev.uname.yahoo.co.nz:8080
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/UI/Login, service-passthrough reports: PASS1022: passing request to http://Sol10-dev.uname.yahoo.co.nz:8080
[22/Apr/2008:13:36:11] fine ( 4761): for host 10.112.66.87 trying to GET /amserver/UI/Login, service-passthrough reports: PASS1037: not rewriting "Location: http://Sol10-dev.uname.yahoo.co.nz:8002/amserver/UI/Login" from http://Sol10-dev.uname.yahoo.co.nz:8080
Now i do not have anything in the reverse proxy server /amserver apart from the index.html (http://Sol9-dev.uname.yahoo.co.nz:8002/amserver/index.html)
I guess i do not need to have the same application on the reverse proxy as of the original server where i am redirecting.
Hope to find a solution soon.
Thanks for all your help.
Reagrds,

Lync Reverse Proxy Alternatives

When migrating from OCS 2007 to Lync 2010, we balked Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services.
TMG is way too expensive and complex for such a limited, simple use case.
I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
We decided to use Apache 2.2 on Windows Server 2008 R2.
Here's how we configured it:
Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy.
http://technet.microsoft.com/en-us/library/gg398069.aspx
Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server.
http://httpd.apache.org/download.cgi
We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
Use the Certificates MMC on your front end server to export the certificate and include the private key.
Transfer the resultant .pfx file to your reverse proxy server.
Use OpenSSL to convert your .pfx file to PEM:
openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem –nodes
Separate the private key from the certificate using notepad:
Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag.
Save that text to a new file named
yourcert.key.
Save
yourcert.pem, which should now only include the certificate.
Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl
for storing the certificates.
Edit httpd.conf (typically in
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
(See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
for more information on each directive)
Uncomment the following lines, which will enable proxy and SSL:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Add the following lines to configure reverse proxy behavior:
#Be a reverse proxy, not a forward proxy
ProxyRequests Off
#Accept requests from any client to any URL
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
#Set the network buffer to improve throughput
ProxyReceiveBufferSize 4096
#Configure the Reverse Proxy to forward all requests to your front end server on 4443
ProxyPass / https://yourfrontend.domain.com:4443/
ProxyPassReverse / https://yourfrontend.domain.com:4443/
#Preserve Host Headers for Lync
ProxyPreserveHost On
Optionally, configure logging directives, bindings and server name.
Save and close httpd.conf
Edit httpd-ssl.conf (typically in conf\extra):
Configure the session cache:
Uncomment:
SSLSessionCache “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”
Comment out:
SSLSessionCache “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”
Locate the <VirtualHost _default_:443> tag and configure the following:
Add the following directive:
SSLProxyEngine On
Configure the path to your SSL Certificate saved in step 3-5 above:
SSLCertificateFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem”
Configure the path to your private key saved in step 3-5 above:
SSLCertificateKeyFile “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key”
Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
Optionally, configure logging directives.
Save and close httpd-ssl.conf
Restart the Apache2.2 service
Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of
the reverse proxy to talk to the front end Lync server on 8080 and 4443.
From an external connection, test connectivity through the reverse proxy:
Test
https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
Test the Lync Web App by setting up an online meeting and following the URL to join the meeting.
You can force the use of the web app by appending ?sl= to the end of the meet.company.com link.
See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
Hope this information is helpful and saves some of you some money and trouble.
Please contact me if you need further clarification or see any mistakes in my notes.
Best regards,
Kenneth Walden
Enterprise Systems Supervisor
GSD&M
Austin, TX

I'd like to thank you for this article. We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product. Anyways, your
blog saved me a LOT of headache. I owe you big time.
AWESOME JOB.
-Greg
*****EDIT***
Decided to come back in there and post good information. We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting. The "DIALUP" url was working fine but the "MEETING" url was broken. On our WFE servers we were getting
the event error as below.   Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON". Once we put that in there ALL was good.
Notice that the MEET portion was the only thing that was really broken. So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but you're RP is sending the wrong HEADER. Look for
http://10.x.x.x/meet/ or soemthing in the event logs.
Log Name:      Application
Source:        ASP.NET 2.0.50727.0
Date:          11/16/2011 1:26:35 PM
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      OneofMyInternalWFEservers.local
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/16/2011 1:26:35 PM
Event time (UTC): 11/16/2011 6:26:35 PM
Event ID: b2039ecd0a62482284030f62e1e639d8
Event sequence: 129
Event occurrence: 28
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
    Trust level: Full
    Application Virtual Path: /meet
    Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
    Machine name: MYWFE.local
Process information:
    Process ID: 14204
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
    Exception type: HttpException
    Exception message: Server cannot append header after HTTP headers have been sent.
Request information:
    Request URL:
https://FQDN:4443/meet/MyName/456456
    User host address: gatewayIP
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
    Thread ID: 7
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: False
    Stack trace:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="ASP.NET 2.0.50727.0" />
    <EventID Qualifiers="32768">1309</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-11-16T18:26:35.000000000Z" />
    <EventRecordID>4483</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXXXXXXXXXXXXXXX</Computer>
    <Security />
</System>
<EventData>
    <Data>3005</Data>
    <Data>An unhandled exception has occurred.</Data>
    <Data>11/16/2011 1:26:35 PM</Data>
    <Data>11/16/2011 6:26:35 PM</Data>
    <Data>b2039ecd0a62482284030f62e1e639d8</Data>
    <Data>129</Data>
    <Data>28</Data>
    <Data>0</Data>
    <Data>/LM/W3SVC/34578/ROOT/meet-1-129658725547585993</Data>
    <Data>Full</Data>
    <Data>/meet</Data>
    <Data>C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\</Data>
    <Data>SNKXS300</Data>
    <Data>
    </Data>
    <Data>14204</Data>
    <Data>w3wp.exe</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>HttpException</Data>
    <Data>Server cannot append header after HTTP headers have been sent.</Data>
    <Data>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
    <Data>/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</Data>
    <Data>10.71.1.1</Data>
    <Data>
    </Data>
    <Data>False</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>7</Data>
    <Data>NT AUTHORITY\NETWORK SERVICE</Data>
    <Data>False</Data>
    <Data>   at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
</Data>
</EventData>
</Event>

Reverse proxy to applications on a server by just domain names possible?

Hi All
I am looking for a solution to set up a single server, that hosts four J2EE web applications running on a Glassfish application server with just only one IP address.
When a user wants to use an application, he/she can just type URL without specifing port and path, and the corresponding web application will be displayed accordingly as shown below
http://sub1.domain1.com -- > webapp1 at port 9100
https://sub2.domain1.com -- > webapp2 at port 9200
http://sub1.domain2.com -- > webapp3 at port 9300
https://sub2.domain2.com -- > webapp4 at port 9400
I am wandering whether I could use reverse proxy of Sun Java System Web Server 7 to route the traffic from the domain names to their own application on Glassfish as shown above? I tried by creating two HTTP listeners to listen at port 80, and 443 respectively, but I could not access different applications based on domain names without specifying specifix path or port.
Is there any recommended resources or example of the mapping, or any other suggested solution?

Thank you for your reply nsegura. I created 4 different virtual servers as you suggested and it worked :)
However, I have a problem in reverse proxy base on path.
The scenario is below
I have an J2EE application that needs to be deployed in three different environment (production, training, testing). It
is the same application for three environments, so I want them to have the same context-root. I want to use Sun Web Server 7.0 to reverse proxy to the application in each environment based on path, not URL redirect. Example of URL are shown below
https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /app)
https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /app)
So far, it works if I set context-root of the application in each environment differently
https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /training/app)
https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /testing/app)
I am wandering whether there is a solution with Sun Web Server 7 that I can use to achieve reverse proxy of the same application in different environments without having to modifying context-root for each environment and use URL redirect?
I was thinking about using rewriting path with reverse proxy, but I did not see this function under reverse proxy tab.
Any ideas?

How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
to Public URL = "proxy URL".
In Host Named Site Collections, alternate access mappings are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
URL is associated. This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
point HNSC to respond to a different URL(proxy URL). Consequently, Share Point URLs are exposed to external users.
Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If hiding the internal Share Point URLS is a requirement,
it suggests to use a web application instead of host named site collections.
Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
Excerpt from above article-
"Host Named Site Collections Only Use One Host Name
Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
are always considered to be in the Default zone. This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
calls to the same URL. If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

Hi Satish,
You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
It is by design that each host-name site collection only support one URL for each zone.
The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
https://support.microsoft.com/en-us/kb/2826457
So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
Best regards.
Thanks
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Setting up of Proxy & Reverse Proxy

hi,
I read some pdf files available in SDN for setting up of proxy and reverse proxy. I installed Apache 2.0.54, as per the apache documentation I enabled proxy and it is working fine (forward proxy)
I used the following doc as a guide line to setup reverse proxy https://websmp105.sap-ag.de/~sapidb/012006153200000364562005E/APACHE_J2EE_V14.pdf
(Page 9 of the doc refers to 2.0.31 & above)
Instead of /b2b/ I kept /irj/portal
And Sec 5.(URL Rewriting) is totally confusing. I couldn't able to find AddModule, so I added the line 'AddModule mod_proxy.c' and 'AddModule mod_rewrite.c' in httpd.conf. And I don't know where to add 'RewriteEngine On'...
After making the above changes, my apache is not starting.
Please let me know how to configure proxy/reverse proxy. If you have a screen shot please send it to hpriyag @ yahoo (dot) com.
We are using NW'04 on win2003 server and planning to use Apache. We are ok with IIS too.
Haripriya

Praveen,
I have the following configuration in my httpd.conf
For Reverse Proxy
ProxyRequests off
ProxyPreserveHost On
<VirtualHost [IP:Port]>
    DocumentRoot [ Webserver doc root, eg "C:/.../htdocs" ]
    ServerName [ Domain Name eg www.domainA.com ]
    ErrorLog logs/[Domain].com-error_log
    CustomLog logs/[Domain].com-access_log common
    RewriteEngine On
          RewriteLog logs/[Host]_unsecured_rewrite.log
          RewriteLogLevel 9 [9 is verbose for prod I prefer 1]
          <Directory />
               Options None
               AllowOverride None
          </Directory>
          RewriteRule ^/(.*)$ http://[EP Host]:[Port]/$1/ [NC,P]
          ProxyPassReverse /irj http://[EP Host]:[Port]/
</VirtualHost>
I used Apache 2.0.54 on Win2K3.
Let me know if the above config doesn't work.
Cheers,
Chandra Ganne.

Reverse Proxy More than one webgui?

To: Nick and all who use reverse proxy clients
Thanks for the hints so far.
I am stuck when trying reverse proxy more then one backend webgui. We have
a portal that takes an iview and sends all the request for backend webgui to
the reverse proxy address. This fulfills the requirement to only open up one domain address and support and manage on SSL key later on.
The /sap Rewrite tag works great for this and we pointed successfully to the EB system.
The sticky point:
How do we distinguish from one webgui server EB from another i.e BW.
We need to distinguish one incoming /sap from another.
We started with leveraging the SICF and the external URL alias that would serve up the /sap URL as /sapebd. Unfortunately the /sapebd external alias did work some but the contents of the generated page continues to reference the /sap instead of /sapebd. (Manually change it to /sapebd from a browser and the gif,.css.js etc will be served up) .
Looking for some good suggestions. (Below included sample statements)
Thanks,
Mich
</VirtualHost>
#This host is used for the meta refresh redirect page.
<VirtualHost my.domain.com:80>
ReWriteEngine On
ServerName my.domain.com:80
ProxyPreserveHost on
DocumentRoot "/var/www/html/qaroot"
DirectoryIndex index.php index.html index.htm index.shtml
ErrorLog logs/qaroot-error_log
TransferLog logs/qaroot-access_log
Portal proxy statements - one proxy all works fine
ProxyPass /irj http://portal.domain.com:50000/irj
ProxyPassReverse /irj http://portal.domain.com:50000/irj
ProxyPass /webdynpro http://portal.domain.com:50000/webdynpro
ProxyPassReverse /webdynpro http://portal.domain.com:50000/webdynpro
ProxyPass /useradmin http://portal.domain.com:50000/useradmin
ProxyPassReverse /useradmin http://portal.domain.com:50000/useradmin
ProxyPass /logon http://portal.domain.com:50000/logon
ProxyPassReverse /logon http://portal.domain.com:50000/logon
#EBD proxy statements
Try number 1 leaving it at sap and it works well to one back end system
#RewriteRule ^/sap(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
#ProxyPassReverse /sap http://ebd.domain.com:8000/sap
Try number 2 defined an external alias using SCIF - works a litlle
but then the webgui responds with the a lot of "/sap" references
RewriteRule ^/sapebd(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
ProxyPassReverse /sapebd http://ebd.domain.com:8000/sapebd
</VirtualHost>
Message was edited by: Mich Wilhelmi

hi,
>I know that is not possible to connect two different XI system to the same R/3; so, how can I manage this situation without affect the other XI?
this is not true...
there is way to use SPROXSET table for that reason
but it has to be done in a very carefull way
Regards,
Michal Krawczyk
http://mypigenie.com XI/PI FAQ

Reverse Proxy Pbm Rewriting Location

Similar Messages

Maybe you are looking for