Reverse Proxy preferred choice for PA
Hi,
We are guessing which is, from Sun's experience point of view, the most reliable product to set an AM Policy Agent web container in front of Tomcat. We see various alternatives: Sun Web Proxy Server in reverse mode, Sun Web Server in reverse proxy mode, Apache with mod_proxy, Apache with mod_jk, Apache with mod_ajp.
Is there any suggestion on which should be the preferred choice?
MTIA
Since there is a dedicated agent for Sun Proxy Server in reverse proxy mode, it is the preferred one.
-Subba
Similar Messages
-
Reverse proxy settings needed for exposing webservice to external world?
Hi guys,
The internal PI system has exposed a WebService endpoint URL. There is a firewall point, let's say <EXT_POINT:EXT_PORT>, which is accessible from outside the company premises with http://<EXT_POINT:EXT_PORT>/<SomeService>; the request is then forwarded to the PI. However, I believe the reverse proxy should be configured on the PI system. What I shall do is set up the HTTP mapping:
<EXT_POINT:EXT_PORT> TO <PI_SYSTEM:PI_HTTP_PORT>
and
<SomeService> TO XISOAPAdapter/MessageServlet?channel=<PARTY>:<SENDER_COMP>:<CHANNEL>
Or am I missing something in the whole picture ..?
Thanks,
Lalo
Hi,
You don't need to set up rules for each partner or each interface, which requires a lot of rule setup in the reverse proxy server table. To avoid this, I would suggest having a common rule for the SOAP adapter and the HTTP adapter, which should be maintained in the proxy server.
Let's say your webservice URL in SAP PI is something like this,
http://< PI host>:< PI port>/XISOAPAdapter/MessageServlet?channel=:<Service>:<channel name>
and the reverse proxy server URL (exposed to the external world....URL should have Business service, communication details as well)
http://< Reverse proxy server host>:< Reverse proxy server port>/XISOAPAdapter/MessageServlet?channel=:<Service>:<channel name>
then the rule should be set like,
whatever request coming from any application with http://< Reverse proxy server host>:< Reverse proxy server port>/XISOAPAdapter/ ** then route the request to http://< PI host>:< PI port>/XISOAPAdapter/**.
So the webservice request will be routed to respective interface.
The same way can be applied for HTTP.
Hope this helps.
Thanks
Rajesh
Edited by: Rajesh on Jun 23, 2010 9:52 PM -
Apache installation for reverse proxy in linux for portal
dear all,
can u please guide me where to download the openssl apache for linux for the reverse proxy
regards
revanth
Google is your friend...
It will take 15 seconds !
Regards,
Olivier -
Uwc behind a reverse proxy asks for internal urls
Hi,
I have a uwc on the msg store. I try to access it through a web reverse proxy, but after the login page, which appeared all right, the url is transformed to an internal url which is invalid from the normal outside scope.
Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
Thanks
François
Dear Expert,
Can I know how you config the reverse proxy to work with the uwc?
my network topology is:
machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
machine B: Messaging Server (MTA and store)
machine C: ldap and Identity server
the login page is https://commexp/uwc , after login, it divides into two main sessions.
Mail tab - https://commexp:80
Other tab - https://commexp/uwc
How can i set the reverse proxy for this configuration?
And which proxy are you using?
Thanks a lot!
Regards,
Angus
had the same problem, fix was -
in Uwcauth.properties changes
uwcauth.identity.login.url=http://bason.blah.com:81/amserver/UI/Login
AMconfig.properties changes
com.sun.identity.server.fqdnMap[bason.blah.com]=bason.blah.com
with the hostname (bason.blah.com) being the *uwc server* with reverse proxy on it
for some fun have a look at the url you are directed to - in particular the parameters on the url...
can anyone say "SECURITY HOLE"? -
Reverse Proxy More than one webgui?
To: Nick and all who use reverse proxy clients
Thanks for the hints so far.
I am stuck when trying to reverse proxy more than one backend webgui. We have a portal that takes an iview and sends all the requests for the backend webgui to the reverse proxy address. This fulfills the requirement to only open up one domain address and support and manage one SSL key later on.
The /sap Rewrite tag works great for this and we pointed successfully to the EB system.
The sticky point:
How do we distinguish from one webgui server EB from another i.e BW.
We need to distinguish one incoming /sap from another.
We started with leveraging the SICF and the external URL alias that would serve up the /sap URL as /sapebd. Unfortunately the /sapebd external alias did work some but the contents of the generated page continues to reference the /sap instead of /sapebd. (Manually change it to /sapebd from a browser and the gif,.css.js etc will be served up) .
Looking for some good suggestions. (Below included sample statements)
Thanks,
Mich
</VirtualHost>
#This host is used for the meta refresh redirect page.
<VirtualHost my.domain.com:80>
ReWriteEngine On
ServerName my.domain.com:80
ProxyPreserveHost on
DocumentRoot "/var/www/html/qaroot"
DirectoryIndex index.php index.html index.htm index.shtml
ErrorLog logs/qaroot-error_log
TransferLog logs/qaroot-access_log
#Portal proxy statements - one proxy all works fine
ProxyPass /irj http://portal.domain.com:50000/irj
ProxyPassReverse /irj http://portal.domain.com:50000/irj
ProxyPass /webdynpro http://portal.domain.com:50000/webdynpro
ProxyPassReverse /webdynpro http://portal.domain.com:50000/webdynpro
ProxyPass /useradmin http://portal.domain.com:50000/useradmin
ProxyPassReverse /useradmin http://portal.domain.com:50000/useradmin
ProxyPass /logon http://portal.domain.com:50000/logon
ProxyPassReverse /logon http://portal.domain.com:50000/logon
#EBD proxy statements
#Try number 1 leaving it at sap and it works well to one back end system
#RewriteRule ^/sap(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
#ProxyPassReverse /sap http://ebd.domain.com:8000/sap
#Try number 2 defined an external alias using SICF - works a little
#but then the webgui responds with a lot of "/sap" references
RewriteRule ^/sapebd(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
ProxyPassReverse /sapebd http://ebd.domain.com:8000/sapebd
</VirtualHost>
Message was edited by: Mich Wilhelmi
hi,
>I know that is not possible to connect two different XI system to the same R/3; so, how can I manage this situation without affect the other XI?
this is not true...
there is a way to use the SPROXSET table for that reason
but it has to be done in a very careful way
Regards,
Michal Krawczyk
http://mypigenie.com XI/PI FAQ -
Logging Client-IP on IWC behind a reverse proxy
I've a Convergence 2 configuration where IWC is contacted through a reverse proxy. The reverse proxy sets Client-IP header.
I'd like to log that Client-IP information in the IWC log.
Is this possible?
Regards. -
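One way to handle a proxy-supplied Client-IP header on the logging side, as an added example that is not from the thread and is not Convergence code: the header is only believed when the TCP peer is the known reverse proxy and the value parses as an IP address. The proxy address, function names and sample addresses are assumptions (documentation ranges, constructed).

```python
import ipaddress

# Assumption: address of the reverse proxy that sets Client-IP (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def client_ip_for_log(peer_addr, headers, trusted=TRUSTED_PROXIES,
                      header_name="Client-IP"):
    """Return (address_to_log, source) for one request.

    peer_addr is the address of the TCP connection; headers is a dict of
    request headers. The header is honoured only for connections that
    arrive from a trusted proxy; anything else can be set by the client.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in net for net in trusted):
        # Direct connection: a Client-IP header here is client-controlled.
        return str(peer), "peer-untrusted"

    # Header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == header_name.lower()), None)
    if value is None:
        return str(peer), "peer-no-header"

    try:
        # Parsing rejects anything that is not a bare IP address, which also
        # keeps CR/LF and other log-injection text out of the log field.
        claimed = ipaddress.ip_address(value.strip())
    except ValueError:
        return str(peer), "peer-bad-header"
    return str(claimed), "header"


def access_log_fields(peer_addr, headers, **kwargs):
    """Fields for one access-log record; the TCP peer is always kept too."""
    ip, source = client_ip_for_log(peer_addr, headers, **kwargs)
    return {"client": ip, "peer": peer_addr, "client_source": source}


if __name__ == "__main__":
    # Constructed requests: via the proxy, direct with a forged header,
    # and via the proxy with a malformed header value.
    samples = [
        ("192.0.2.10", {"Client-IP": "203.0.113.7"}),
        ("198.51.100.23", {"Client-IP": "203.0.113.7"}),
        ("192.0.2.10", {"client-ip": "1.2.3.4\r\nINFO fake entry"}),
    ]
    for peer, hdrs in samples:
        print(access_log_fields(peer, hdrs))
```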
ISP redundancy and reverse proxy
Greetings, community!
We have two EDGE TMG servers and two INTERNAL TMG servers.
We have two providers with two dedicated external IP addresses each.
I configured ISP Redundancy for each EDGE TMG server with these parameters:
Each EDGE TMG server has two External NIC and one Internal NIC.
EDGE 1: Provider1_IP1 and Provider2_IP1
EDGE 2: Provider1_IP2 and Provider2_IP2
ISP Connections:
Provider1 and Provider2
So, the trouble:
We have some published Web-Services, like OWA, ActiveSync, TerminalGatewayServers and others.
Also we made 4 external DNS records for each Web-Service.
For example:
mail.domain.com Provider1_IP1
mail.domain.com Provider1_IP2
mail.domain.com Provider2_IP1
mail.domain.com Provider2_IP2
If we try to connect from external to any published Web-Services, we have a big delay (~ 30 sec), and then it connects.
After some tests we found that ONLY ONE EDGE TMG server is used for reverse proxy. IP addresses from EDGE 1 are unavailable from external access. But it still works as Web-Proxy for internal connections. Reverse-Proxy works only for EDGE 2 IP addresses.
If we shut down the EDGE 2 TMG server, then Reverse-Proxy for EDGE 1 IP addresses works correctly.
Why do all 4 of my external IP addresses not work for reverse-proxy? Only 2, from one of my EDGE servers.
So, I still try to solve my problem...
When I try to connect from External to one of my EDGE1 IP addresses, I got these logs:
LOGS on DMZ server (EDGE1):
Failed Connection Attempt DMZ-TMG-01 21.07.2014 11:27:40
Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3427)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 21000ms Original Client IP: 77.73.111.194
LOGS on INTERNAL server:
Initiated Connection BLK-TMG-02 21.07.2014 11:27:20
Log type: Firewall service
Status: The operation completed successfully.
Source: External (77.73.111.194:3427)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection BLK-TMG-02 21.07.2014 11:27:40
Log type: Firewall service
Status: A connection was abortively closed after one of the peers sent an RST packet.
Source: External (77.73.111.194:3427)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 304 Number of bytes received: 192
Processing time: 20281ms Original Client IP: 77.73.111.194
When I try to connect my EDGE2 server external IP addresses, then:
LOGS on DMZ server (EDGE2):
Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: The operation completed successfully.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3429)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: Publish TMGBE HTTP
Source: External (77.73.111.194:3429)
Destination: Internal (172.16.0.100:80)
Protocol: HTTP Server
Additional information
Number of bytes sent: 534 Number of bytes received: 146
Processing time: 203ms Original Client IP: 77.73.111.194
Then traffic was redirected to HTTPS:
Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17
Log type: Firewall service
Status: The operation completed successfully.
Rule: Publish TMGBE HTTPS
Source: External (77.73.111.194:3430)
Destination: Internal (172.16.0.100:443)
Protocol: HTTPS Server
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
LOGS on INTERNAL server:
Failed Connection Attempt BLK-TMG-02 21.07.2014 11:57:17
Log type: Web Proxy (Reverse)
Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.
Rule: Publish OWA
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Request: GET http://mail.domain.com/
Filter information: Req ID: 0a314138; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:
It's OK, because IIS require SSL. Then:
Initiated Connection BLK-TMG-02 21.07.2014 11:57:18
Log type: Firewall service
Status: The operation completed successfully.
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 77.73.111.194
Closed Connection BLK-TMG-02 21.07.2014 11:57:18
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Source: External (77.73.111.194:3429)
Destination: Local Host (172.16.0.100:80)
Protocol: HTTP
Additional information
Number of bytes sent: 786 Number of bytes received: 318
Processing time: 15ms Original Client IP: 77.73.111.194
And HTTPS:
Allowed Connection BLK-TMG-02 21.07.2014 11:57:17
Log type: Web Proxy (Reverse)
Status: 302 Moved Temporarily
Rule: Publish OWA
Source: External (77.73.111.194:3430)
Destination: Local Host (10.1.200.129:443)
Request: GET http://mail.domain.com/
Filter information: Req ID: 0a31413a; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40000000 (Response should not be cached.)
Processing time: 1 MIME type: text/html; charset=UTF-8
I can't understand the difference between these servers. If I shut down EDGE2, the Publishing will work fine through EDGE1. -
TMG is dead, now which Reverse Proxy?
Hi, now that Forefront TMG is discontinued, what is the Microsoft recommended reverse proxy to use for Lync 2010 and 2013?
Is MS going to create a guide for this?
Hi,
There is no hard requirement to use TMG or ISA for Lync. Any reverse proxy that can meet the requirements for publishing the necessary resource locations can be used. TMG is just one of the possible options.
Kent Huang
TechNet Community Support -
Reverse Proxy Settings.
Hi Friends,
We have setup our DMZ using 238276.1 this note for iRecruitment.
We are now thinking to use Reverse Proxy.
Below was the step which we skipped in note related to configuration of reverse proxy.
5.5.1: Update Oracle E-Business Suite Applications Context File
On the external Oracle E-Business Suite web node, run the AutoConfig Context Editor as documented in the Oracle MetaLink Note 165195.1 "Using AutoConfig to Manage System Configurations with Oracle Applications 11i". In the Context Detail screen, set the following configuration values:
- set the webentry point, s_webentryhost, to the reverse proxy server.
- set the webentry domain, s_webentrydomain, to the domain name of the reverse proxy server.
- set the active webport, s_active_webport, to the port where the reverse proxy server listen for client requests. For example port 80 for HTTP or 443 for HTTPS.
- set the webentry protocol, s_webentryurlprotocol, to the protocol value the clients use to access the reverse proxy server.
- set the login page, s_login_page, to <webentry protocol>://<webentry point>.<webentry domain>:<active webport>. Replace <webentry protocol>, <webentry point>, <webentry domain>, and <active webport> with their respective values.
My doubt is, Our unix admin directly can configure one external web site like
https://irecrutment.xcompnay.com which can directly re-route to our external web server in DMZ for iRecruit Page.
Then what is the significance of these settings? Can we not achieve this thing without
setting these things?
Regards,
Jagjeet Singh
Yes it sounds like a reverse proxy would help you out, however Apple no longer provides a (built-in) means to set one up in Server.app. You might be able to manually set one up in Apache, but a better option would be to install a copy of Nginx and use that instead for your reverse-proxy server.
-
Configure reverse proxy using Apache 2.2.15
Dear Experts,
I am in the process of configuring reverse proxy for my portal so that ppl outside the network can access my servers.
We are on SUSE Linux 10 SP2, installed Apache 2.2.15 and started apache successfully.
When i run command ps -ef | grep httpd, i get list of processes that are running.
But when I open Mozilla on the server where I installed Apache and type http://myhost.domian.com:8080 it doesn't display any screen.
I still assume that my apache is running. Please correct me on the above.
Now i have configured my httpd.conf based on help.sap.com and various threads on sdn and it looks something like below
====================================================================================================
ProxyPass /irj http://myhost.mydomian.com:50100/irj/
ProxyPassReverse /irj http://myhost.mydomian.com:50100/irj/
ProxyPreserveHost On
#####################################r Reverse Proxy
ProxyRequests off
ProxyPreserveHost On
<VirtualHost 172.XXX.XX.XX:80>
#DocumentRoot Webserver doc root, eg "C:/.../htdocs"
#ServerName <http:// Domain Name eg www.domainA.com >
#ErrorLog logs/Domain.com-error_log
#CustomLog logs/Domain.com-access_log common
(Commented the above lines as i did not understand what i need them for.. please help on the above)
RewriteEngine On
RewriteLog logs/myhost_unsecured_rewrite.log
RewriteLogLevel 9
<Directory />
Options None
AllowOverride None
</Directory>
RewriteRule ^/(.*)$ http://myhost.mydomian.com:50100/$irj1/ NC,P
ProxyPassReverse /irj http://myhost.mydomian.com:50100/
</VirtualHost>
With the above configuration, will I be able to achieve my goal of using this server as my reverse proxy and also for redirecting the host name?
Please help me on the above
Thanks and regards
Hunky
If you search for "reverse proxy apache" you'll find quite a lot of resources (blogs, articles) here on the SDN.
You may start with
Markus -
I have an Oracle Portal installation behind a reverse proxy with Portal on 1 server, SSO/OID on another server, and the database on a 3rd server.
Portal works fine, but Omniportlet and Webclipping are using the server name and port for the Portal server and not the reverse proxy URL. The Portal server name and port are, of course, not accessible to users.
There is no proxy between the Portal and the database.
Originally Posted by ghuertae
Hi.. I have one server with one internal IP 10.x.x.x with reverse proxy to one public IP 159.x.x.x. Why? Because we need that server to be usable by public and internal users.
For example, an external user has a server 200.x.x.x and they need to connect to my server 159.x.x.x on different ports like 8020, 8000 and port 22 (ssh)
With the port 8000 and 8020 no problem they can connect.. but with 22 port
I did the next filter in my border manager 3.8 (novell 6.0)
Src Interface : ALL
Dest Interface : ALL
Packet Type: ssh (default 22)
Src Port: ALL
Protocol: TCP
Dest Port: 22
Src Add Type: Host
Src IP Add: 200.X.X.X
Dest Add Type: Host
Dest IP Add: 159.X.X.X
and
Src Interface : ALL
Dest Interface : ALL
Packet Type: ssh2 (default 22)
Src Port: 22
Protocol: TCP
Dest Port: ALL
Src Add Type: Host
Src IP Add: 159.X.X.X
Dest Add Type: Host
Dest IP Add: 200.X.X.X
In the server BorderManager setup "Acceleration -> HTTP Acceleration" I put Web server port 22 / Named IP Address the internal IP, and in Proxy IP Addr the public IP.
If I do a Tel 159.X.X.X 22 I can connect, but if I use a program putty
ssh 159.X.X.X command I cannot connect..!!!
Is there an error in my filter? Or is there something else that I have to do?
thanks a lot.
ok the solution that i find is... use the reverse proxy and Nat for the same ip and it works fine.
I can access to ssh without problem..! -
Doubts regarding reverse proxy in DMZ
Hi,
We are going to implement DMZ in a test environment following the metalink note:287176.1.
We have two sun servers so we have chosen Section 2.2(Fig 4) of 287176.1 as our deployment architecture.
The steps we are going to follow are:
1.Install Oracle Applications 11.5.10.2 in internal server.
2.Clone the application to external server.
3.Open the following ports:
80,443 in the external firewall and 1521 in the data firewall.
4.Follow steps from section 5.1,5.2,5.3,5.4 of 287176.1.
5.Configure the URL firewal specific to the product that we want to expose for external use.
Can someone please validate the above steps.
Also please clarify the following doubts:
1.Do we need a separate external URL and domain to access the application from internet??
If yes then this domain and URL mapping is done in which configuration file??
2.Do we need to set up a reverse proxy server also for this architecture? If yes then is it necessary to deploy another reverse proxy server in front of external web server?
Can't we configure the external web tier itself as reverse proxy??
If yes then,how do we do it using 9iAS shipped with EBS...as we dont want to use standalone Apache for this and the document 287176.1 describes the steps to use a standalone Apache in section.(.Appendix D)..
Please help...
We have been given a time frame and limited resources to implement this POC.So a response is highly appreciated..
Thanks
ex:External URL:
> We have two sun servers so we have chosen Section 2.2(Fig 4) of 287176.1 as our deployment architecture.
If you chose the above configuration there is no reverse proxy setup.
> 1.Do we need a separate external URL and domain to access the application from internet?? If yes then this domain and URL mapping is done in which configuration file??
The changes are done on the external web tier in the application context file. (s_webentryhost - set to DMZ host name
s_webentrydomain - domain name of DMZ host
s_active_webport - port where the host will listen to requests
s_webentryurlprotocol - http or https according to your configuration
s_login_page - http(s)://webentrypoint:webentrydomain:activewebport )
> 2.Do we need to set up a reverse proxy server also for this architecture?
Again, section 2.2 does not require a reverse proxy, only an external webhost.
Please remember that the external host in DMZ runs only webtier. All the other services should be disabled.
> If yes then,how do we do it using 9iAS shipped with EBS
Clone the AppsTier to external host. Edit the context file and disable all the processes except
<oa_process_status oa_var="s_apcstatus">enabled</oa_process_status>
Then you have a webtier running without standalone Apache.
I have recently finished configuring this setup.
Message was edited by:
bhetaal -
Reverse proxy redirecting not proxying
I'm having trouble getting a reverse proxy to work as I expected it to.
Scenario;
Webserver 7 u 3 installed on host1.domain.com, instance listening on 8080
Reverse proxy point configured for /agentsample -> http://host2.otherdomain.com:8080
Now when I go to http://host1.domain.com:8080/agentsample two redirects occur, first is back to itself, then a second redirect to http://host2.otherdimain.com:8080/agentsample. This is where I have a problem, why am I being redirected, and not proxied?
Furthermore, if I set the webserver7 up to be on port 80, create a proxy for /agentsampe -> http://host2.otherdomain.com:8080 and then browse to http://host1.domain.com/agentsample I get redirected to http://host2.otherdomain.com/agentsample (which won't connect).
So, does anyone know why this isn't working? I have other proxy points configured on host2.domain.com /idm -> http://host3.otherdomain.com:8202 for example, it works as expected, browsing to http://host2.domain.com:8080/idm gives me the page content from host2.otherdomain.com but with the host2.domain.com URL - true proxying, no redirects.
Any assistance appreciated.
hi there,
i'm getting the same redirecting behaviour with web server 7, update 3.
the obj.conf says:
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/sun/webserver7/lib/icons" name="es-internal"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
PathCheck fn=validate_session_policy
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="send-precompressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
and the instance specific obj.conf says: ( with additions from the opensso web agent )
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/sun/webserver7/lib/icons" name="es-internal"
NameTrans fn="map" from="/testapp" name="reverse-proxy-/testapp" to="http:/testapp"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
PathCheck fn="validate_session_policy"
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="send-precompressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
<Object ppath="http:*">
Service fn="proxy-retrieve" method="*"
</Object>
<Object ppath="*/UpdateAgentCacheServlet*">
Service type="text/*" method="(POST)" fn="process_notification"
</Object>
<Object ppath="*/dummypost/sunpostpreserve*">
Service type="text/*" method="(GET)" fn="append_post_data"
</Object>
<Object name="reverse-proxy-/testapp">
Route fn="set-origin-server" server="sunagent.mydomain.com:8080"
</Object>
the behaviour can be observed thusly in the http headers ( thank you livehttpheaders firefox plugin..)
http://sunproxy.mydomain.com/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: sunproxy.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
HTTP/1.x 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 26 Nov 2008 06:49:09 GMT
Location: http://sunsso.mydomain.com:80/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Content-Length: 0
http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
GET /opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html HTTP/1.1
Host: sunsso.mydomain.com:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
HTTP/1.x 200 OK
Date: Wed, 26 Nov 2008 06:53:00 GMT
Cache-Control: private
Pragma: no-cache
Expires: 0
X-DSAMEVersion: 8.0 (2008-July-21 07:32)
AM_CLIENT_TYPE: genericHTML
Set-Cookie: AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; Domain=.mydomain.com; Path=/
Set-Cookie: amlbcookie=01; Domain=.mydomain.com; Path=/
Set-Cookie: JSESSIONID=D33E12C33D3B30A0905FFCA1A4D77561; Path=/opensso
Content-Type: text/html;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
http://sunsso.mydomain.com/opensso/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
POST /opensso/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23 HTTP/1.1
Host: sunsso.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Cookie: JSESSIONID=D33E12C33D3B30A0905FFCA1A4D77561; AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; amlbcookie=01
Content-Type: application/x-www-form-urlencoded
Content-Length: 193
IDToken0=&IDToken1=amp_business_manager&IDToken2=amp_business_manager&IDButton=Log+In&goto=aHR0cDovL3N1bnByb3h5LnRob3VnaHR3b3Jrcy5jb206ODAvdGVzdGFwcC9pbmRleC5odG1s&encoded=true&gx_charset=UTF-8
HTTP/1.x 302 Moved Temporarily
Date: Wed, 26 Nov 2008 06:53:13 GMT
Cache-Control: private
Pragma: no-cache
Expires: 0
X-DSAMEVersion: 8.0 (2008-July-21 07:32)
AM_CLIENT_TYPE: genericHTML
X-AuthErrorCode: 0
Set-Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; Domain=.mydomain.com; Path=/
Set-Cookie: AMAuthCookie=LOGOUT; Domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://sunproxy.mydomain.com:80/testapp/index.html
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
http://sunproxy.mydomain.com/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: sunproxy.mydomain.com:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 26 Nov 2008 06:49:22 GMT
Location: http://sunagent.mydomain.com:80/testapp/index.html
Content-Length: 0
Via: 1.1 https-sunproxy.mydomain.com
Proxy-agent: Sun-Java-System-Web-Server/7.0
http://sunagent.mydomain.com/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: sunagent.mydomain.com:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 200 OK
Date: Wed, 26 Nov 2008 06:53:44 GMT
Set-Cookie: JSESSIONID=68F78AD040184A4F9368D636243B2C70; Path=/testapp
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 3687
Connection: close
http://sunagent.mydomain.com/testapp/images/banner.jpg;jsessionid=68F78AD040184A4F9368D636243B2C70
GET /testapp/images/banner.jpg;jsessionid=68F78AD040184A4F9368D636243B2C70 HTTP/1.1
Host: sunagent.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunagent.mydomain.com/testapp/index.html
Cookie: JSESSIONID=68F78AD040184A4F9368D636243B2C70; amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 200 OK
Date: Wed, 26 Nov 2008 06:53:45 GMT
Etag: W/"49462-1226285588000"
Last-Modified: Mon, 10 Nov 2008 02:53:08 GMT
Content-Type: image/jpeg
Content-Length: 49462
Connection: close
http://sunagent.mydomain.com/favicon.ico
GET /favicon.ico HTTP/1.1
Host: sunagent.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 404 Not Found
Date: Wed, 26 Nov 2008 06:53:48 GMT
Set-Cookie: JSESSIONID=1A8BE19023EF620D6822C0DABCEEF838; Path=/
Content-Type: text/html;charset=utf-8
Content-Length: 988
Connection: close
---------------------------------------------------------- -
Performing reverse proxy re-directs and re-writes depending on case of url
Hi,
I have a front-end v6.1 SP6 web server running on Windows that hosts a public facing web site as well as re-directs specific folder urls to back-end applications hosted on Linux based application servers.
I need to perform proxy re-directs and / or url re-writes depending on the case-sensitivity of the url requested from the Windows hosted web server.
i.e. There is a back-end application with the internal url http://abc.internal.com/ABC, which importantly will not serve pages from http://abc.internal.com/abc
So what I need is:
www.external.com/ABC -- proxy redirect --> abc.internal.com/ABC
whereas
www.external.com/abc -- rewrite --> www.external.com/ABC -- proxy redirect --> abc.internal.com/ABC
What I have so far will provide the reverse proxy re-write for /ABC:
<Object name="default">
NameTrans fn="assign-name" from="/ABC(|/*)" name="abc.internal.com"
</Object>
<Object name="abc.internal.com">
ObjectType fn="force-type" type="magnus-internal/passthrough"
Service fn="service-passthrough" servers="http://191.168.1.10:80"
</Object>
However, this will also reverse proxy requests for /abc which will return an error from the internal app server. So, is it possible to perform a case-sensitive dependent re-write / redirection on v6.1 on Windows?
N.b. I realise that the back-end application could be modified to handle both upper and lower case requests but that is not an option here.
Thanks for your help.
I can't think of an easy way to do what you want. On Windows, Web Server treats URIs and paths as case insensitive, so there's no obvious way to treat /ABC differently than /abc.
I do see a few options. Unfortunately, they're all relatively complicated:
a) Write an NSAPI plugin
b) Write a Servlet filter
c) Use Sun Java System Web Server 7.0
If you switch to 7.0, you can use case-sensitive regular expressions:
<If $uri =~ '^/ABC/?'>
NameTrans fn="assign-name" name="abc.internal.com"
</If>
-
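An added example, not part of the original thread and not Sun Web Server configuration: a Python model of the routing decision asked for in the case-sensitivity thread above, where only exact-case /ABC is proxied, other casings are redirected to /ABC, and the prefix is matched on a path-segment boundary so that /ABCD never reaches the back end. The function name route and the three action labels are assumptions for illustration; the back-end address is the servers value from the posted obj.conf.

```python
import re

CANONICAL = "/ABC"                   # the only casing the back end serves (from the thread)
BACKEND = "http://191.168.1.10:80"   # servers= value from the posted obj.conf

# The prefix must end at a path-segment boundary: "/ABC" or "/ABC/...", not "/ABCD".
_EXACT = re.compile(r"^/ABC(?=/|$)")
_ANYCASE = re.compile(r"^/abc(?=/|$)", re.IGNORECASE)


def route(request_target):
    """Classify a request target such as '/abc/page?x=1'.

    Returns (action, destination); action is 'proxy', 'redirect' or 'local'
    (hypothetical labels used only in this example).
    """
    path, _, query = request_target.partition("?")
    suffix = "?" + query if query else ""

    if _EXACT.match(path):
        # Exact case: hand the request to the back end unchanged.
        return "proxy", BACKEND + path + suffix

    m = _ANYCASE.match(path)
    if m:
        # Wrong case: re-case only the prefix and send the client back through
        # the front end. The destination always starts with "/ABC", so it stays
        # a same-host path and cannot turn into "//other-host".
        return "redirect", CANONICAL + path[m.end():] + suffix

    # Anything else is served by the front-end site itself.
    return "local", None


if __name__ == "__main__":
    # Constructed sample request targets.
    for target in ["/ABC", "/abc/page?x=1", "/Abc", "/ABCD", "/index.html"]:
        print(target, "->", route(target))
```
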
CSM, Reverse Proxy, and Sticky
First, here is a diagram of my setup:
CSM w/VIP for Front-End Web Servers (acting as Authorization and Reverse Proxy)
|
SSL Module for termination of HTTPS traffic
|
Front-End Web Servers
|
CSM w/VIP for Back-end Web Servers
|
Back-end Web Servers
What I need is a way to ensure that users get to the same Back-end Web Server for their entire session. The Front-End Web Servers act as a Reverse Proxy for all requests going to the Back-End Web Servers and are configured to send requests to the VIP for the Back-End Web Servers.
Gilles,
Thanks for the response. This is https traffic for the user, but from the Front-End to the Back-End it's just http. Unfortunately it's SAP so it's not a normal HTTP Back-end that can generate cookies. Currently I am only running 3.1(7). What is the status of the 4.1 train? Being new I am concerned about utilizing this level. What has been the experience of customers on this code level in the field?