Reverse Proxy preferred choice for PA

Similar Messages

• Reverse proxy settings needed for exposing webservice to external world?

  Hi guys,
  Internal PI system have exposed a WebService endpoint URL. There is firewall point lets say it <EXT_POINT:EXT_PORT>, which is accessible from outside the company premises, with http://<EXT_POINT:EXT_PORT>/<SomeService>, then request is forwarded to the PI. However, I believe on PI system, the reverse proxy should be configured. What I shall do is to setup the HTTP mapping:
  <EXT_POINT:EXT_PORT> TO <PI_SYSTEM:PI_HTTP_PORT>
  and
  <SomeService> TO XISOAPAdapter/MessageServlet?channel=<PARTY>:<SENDER_COMP>:<CHANNEL>
  Or am I missing something in the whole picture ..?
  Thanks,
  Lalo

  Hi,
  You don't need to setup rules for each partner or each interface. which requires lot of rule set up at reverse proxy server table. To avoid this, I would suggest to have a common rule for SOAP adapter and HTTP adapter which should be maintained in proxy server.
  Let say, your webservice URL in SAP PI is something like this,
  http://< PI host>:< PI port>/XISOAPAdapter/MessageServlet?channel=:<Service>:<channel name>
  and reverser proxy server URL ( exposed to external world....URL should have Business servie, communication details as well)
  http://< Reverse proxy server host>:< Reverse proxy server port>/XISOAPAdapter/MessageServlet?channel=:<Service>:<channel name>
  then the rule  should be set like,
  whatever request coming from any application with  http://< Reverse proxy server host>:< Reverse proxy server port>/XISOAPAdapter/ ** then route the request to http://< PI host>:< PI port>/XISOAPAdapter/**.
  So the webservice request will be routed to respective interface.
  The same way can be applied for HTTP.
  Hope this helps.
  Thanks
  Rajesh
  Edited by: Rajesh on Jun 23, 2010 9:52 PM

• Apache installation for reverse proxy in linux for portal

  dear all,
  can u please guide me where to download the openssl apache foe linux for the reverse proxy
  regards
  revanth

  Google is your friend...
  It will take 15 seconds !
  Regards,
  Olivier

• Uwc behind a reverse proxy asks for internal urls

  Hi,
  I have an uwc on the msg store. I try to access it through a web reverse proxy, but after the login page which appeared allright, the url is transformed to a internal url which is invalid from the normal outside scope.
  Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
  Thanks
  Fran�ois

  Dear Expert,
  Can i know how do you config the reserve proxy to work with the uwc?
  my network topology is:
  machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
  machine B: Messaging Server (MTA and store)
  machine C: ldap and Identity server
  the login page is https://commexp/uwc , after login, it divide to two main session.
  Mail tab - https://commexp:80
  Other tab - https://commexp/uwc
  How can i set the reverse proxy for this configuration?
  And which proxy are you using?
  Thanks a lot!
  Regards,
  Angus
  had the same problem, fix was -
  >
  >
  in Uwcauth.properties changes
  uwcauth.identity.login.url=http://bason.blah.com:81/am
  server/UI/Login
  AMconfig.properties changes
  com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
  blah.com
  with the hostname (bason.blah.com) being the *uwc
  server* with reverse proxy on it
  for some fun have a look at the url you are directed
  too - in particular the parameters on the url...
  can anyone say "SECURITY HOLE"?

• Reverse Proxy More than one webgui?

  To: Nick and all who use reverse proxy clients
  Thanks for the hints so far.
  I am stuck when trying reverse proxy more then one backend webgui. We have
  a portal that takes an iview and sends all the request for backend webgui to
  the reverse proxy address. This fulfills the requirement to only open up one domain address and support and manage on SSL key later on.
  The /sap Rewrite tag works great for this and we pointed successfully to the EB system.
  The sticky point:
  How do we distinguish from one webgui server EB from another i.e BW.
  We need to distinguish one incoming /sap from another.
  We started with leveraging the SICF and the external URL alias that would serve up the /sap URL as /sapebd. Unfortunately the /sapebd external alias did work some but the contents of the generated page continues to reference the /sap instead of /sapebd. (Manually change it to /sapebd from a browser and the gif,.css.js etc will be served up) .
  Looking for some good suggestions. (Below included sample statements)
  Thanks,
  Mich
  </VirtualHost>
  #This host is used for the meta refresh redirect page.
  <VirtualHost my.domain.com:80>
  ReWriteEngine On
  ServerName my.domain.com:80
  ProxyPreserveHost on
  DocumentRoot "/var/www/html/qaroot"
  DirectoryIndex index.php index.html index.htm index.shtml
  ErrorLog logs/qaroot-error_log
  TransferLog logs/qaroot-access_log
  Portal proxy statements - one proxy all works fine
  ProxyPass /irj http://portal.domain.com:50000/irj
  ProxyPassReverse /irj http://portal.domain.com:50000/irj
  ProxyPass /webdynpro http://portal.domain.com:50000/webdynpro
  ProxyPassReverse /webdynpro http://portal.domain.com:50000/webdynpro
  ProxyPass /useradmin http://portal.domain.com:50000/useradmin
  ProxyPassReverse /useradmin http://portal.domain.com:50000/useradmin
  ProxyPass /logon http://portal.domain.com:50000/logon
  ProxyPassReverse /logon http://portal.domain.com:50000/logon
  #EBD proxy statements
  Try number 1 leaving it at sap and it works well to one back end system
  #RewriteRule ^/sap(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
  #ProxyPassReverse /sap http://ebd.domain.com:8000/sap
  Try number 2 defined an external alias using SCIF - works a litlle
  but then the webgui responds with the a lot of "/sap" references
  RewriteRule ^/sapebd(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
  ProxyPassReverse /sapebd http://ebd.domain.com:8000/sapebd
  </VirtualHost>
  Message was edited by: Mich Wilhelmi

  hi,
  >I know that is not possible to connect two different XI system to the same R/3; so, how can I manage this situation without affect the other XI?
  this is not true...
  there is way to use SPROXSET table for that reason
  but it has to be done in a very carefull way
  Regards,
  Michal Krawczyk
  http://mypigenie.com XI/PI FAQ

• Logging Client-IP on IWC behind a reverse proxy

  I've a Convergence 2 configuration where IWC is contacted through a reverse proxy. The reverse proxy sets Client-IP header.
  I'ld like to log that Client-IP information in IWC log.
  Is this possible?
  Regards.

  Dear Expert,
  Can i know how do you config the reserve proxy to work with the uwc?
  my network topology is:
  machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
  machine B: Messaging Server (MTA and store)
  machine C: ldap and Identity server
  the login page is https://commexp/uwc , after login, it divide to two main session.
  Mail tab - https://commexp:80
  Other tab - https://commexp/uwc
  How can i set the reverse proxy for this configuration?
  And which proxy are you using?
  Thanks a lot!
  Regards,
  Angus
  had the same problem, fix was -
  >
  >
  in Uwcauth.properties changes
  uwcauth.identity.login.url=http://bason.blah.com:81/am
  server/UI/Login
  AMconfig.properties changes
  com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
  blah.com
  with the hostname (bason.blah.com) being the *uwc
  server* with reverse proxy on it
  for some fun have a look at the url you are directed
  too - in particular the parameters on the url...
  can anyone say "SECURITY HOLE"?

• ISP redundancy and reverse proxy

  Greetings, community!
  We have two EDGE TMG servers and two INTERNAL TMG servers.
  We have two providers with two dedicated external IP addresses each.
  I configure ISP Redundancy for each EDGE TMG servers with parameters:
  Each EDGE TMG server has two External NIC and one Internal NIC. 
  EDGE 1: Provider1_IP1 and Provider2_IP1
  EDGE 2: Provider1_IP2 and Provider2_IP2
  ISP Connections:
  Provider1 and Provider2
  So, the trouble:
  We have some published Web-Services, like OWA, ActiveSync, TerminalGatewayServers and others.
  Also we made 4 external DNS records for each Web-Service.
  For example:
  mail.domain.com Provider1_IP1
  mail.domain.com Provider1_IP2
  mail.domain.com Provider2_IP1
  mail.domain.com Provider2_IP2
  If we try to connect from external to any published Web-Services, we have big delay (~ 30 sec), and then it connected.
  After some tests we find that ONLY ONE EDGE TMG server is used for reverce proxy. IP Addresses from EDGE 1 is unavailable from external access. But it still works as Web-Proxy from Internal connections. Reverse-Proxy works only for EDGE 2 IP Addresses.
  If we shutdown EDGE 2 TMG server, then Reverse-Proxy for EDGE 1 IP addresses are works correctly.
  Why all 4 my external IP addresses are not works for reverse-proxy? Only 2 from one of my EDGE servers.

  So, I still try to solve my problem...
  When I try to connect from External to one of my EDGE1 IP addresses, I got these logs:
  LOGS on DMZ server (EDGE1):
  Failed Connection Attempt DMZ-TMG-01 21.07.2014 11:27:40 
  Log type: Firewall service 
  Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
  Rule: Publish TMGBE HTTP 
  Source: External (77.73.111.194:3427) 
  Destination: Internal (172.16.0.100:80) 
  Protocol: HTTP Server 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 21000ms Original Client IP: 77.73.111.194 
  LOGS on INTERNAL server:
  Initiated Connection BLK-TMG-02 21.07.2014 11:27:20 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Source: External (77.73.111.194:3427) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194
  Closed Connection BLK-TMG-02 21.07.2014 11:27:40 
  Log type: Firewall service 
  Status: A connection was abortively closed after one of the peers sent an RST packet.  
  Source: External (77.73.111.194:3427) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 304 Number of bytes received: 192
  Processing time: 20281ms Original Client IP: 77.73.111.194
  When I try to connect my EDGE2 server external IP addresses, then:
  LOGS on DMZ server (EDGE2):
  Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Rule: Publish TMGBE HTTP 
  Source: External (77.73.111.194:3429) 
  Destination: Internal (172.16.0.100:80) 
  Protocol: HTTP Server 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194
  Closed Connection DMZ-TMG-02 21.07.2014 11:57:17 
  Log type: Firewall service 
  Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.  
  Rule: Publish TMGBE HTTP 
  Source: External (77.73.111.194:3429) 
  Destination: Internal (172.16.0.100:80) 
  Protocol: HTTP Server 
  Additional information 
  Number of bytes sent: 534 Number of bytes received: 146
  Processing time: 203ms Original Client IP: 77.73.111.194
  Then traffic was redirected to HTTPS:
  Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Rule: Publish TMGBE HTTPS 
  Source: External (77.73.111.194:3430) 
  Destination: Internal (172.16.0.100:443) 
  Protocol: HTTPS Server 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194
  LOGS on INTERNAL server:
  Failed Connection Attempt BLK-TMG-02 21.07.2014 11:57:17 
  Log type: Web Proxy (Reverse) 
  Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.  
  Rule: Publish OWA 
  Source: External (77.73.111.194:3429) 
  Destination: Local Host (172.16.0.100:80) 
  Request: GET http://mail.domain.com/ 
  Filter information: Req ID: 0a314138; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% 
  Protocol: http 
  User: anonymous 
  Additional information 
  Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  Object source: (No source information is available.)
  Cache info: 0x0
  Processing time: 1 MIME type:  
  It's OK, because IIS require SSL. Then:
  Initiated Connection BLK-TMG-02 21.07.2014 11:57:18 
  Log type: Firewall service 
  Status: The operation completed successfully.  
  Source: External (77.73.111.194:3429) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 77.73.111.194 
  Closed Connection BLK-TMG-02 21.07.2014 11:57:18 
  Log type: Firewall service 
  Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.  
  Source: External (77.73.111.194:3429) 
  Destination: Local Host (172.16.0.100:80) 
  Protocol: HTTP 
  Additional information 
  Number of bytes sent: 786 Number of bytes received: 318
  Processing time: 15ms Original Client IP: 77.73.111.194
  And HTTPS:
  Allowed Connection BLK-TMG-02 21.07.2014 11:57:17 
  Log type: Web Proxy (Reverse) 
  Status: 302 Moved Temporarily 
  Rule: Publish OWA 
  Source: External (77.73.111.194:3430) 
  Destination: Local Host (10.1.200.129:443) 
  Request: GET http://mail.domain.com/ 
  Filter information: Req ID: 0a31413a; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% 
  Protocol: https 
  User: anonymous 
  Additional information 
  Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  Object source: Internet (Source is the Internet. Object was added to the cache.)
  Cache info: 0x40000000 (Response should not be cached.)
  Processing time: 1 MIME type: text/html; charset=UTF-8 
  I can't understand the difference between there servers. If I shutdown EDGE2, the Publishing will work fine through EDGE1.

• TMG is dead, now which Reverse Proxy?

  Hi, now that Forefront TMG is discontinued, what is the Microsoft recommended reverse proxy to use for Lync 2010 and 2013?
  Is MS going to create a guide for this?

  Hi,
  There is no hard requirement to use TMG or ISA for Lync. Any reverse proxy that can meet the requirements for publishing the necessary resource locations can be used. TMG just as one of the possible options.
  Kent Huang
  TechNet Community Support

• Reverse Proxy Settings.

  Hi Friends,
  We have setup our DMZ using 238276.1 this note for iRecruitment.
  We are now thinking to use Reverse Proxy.
  Below was the step which we skipped in note related to configuration of reverse proxy.
  5.5.1: Update Oracle E-Business Suite Applications Context File
  On the external Oracle E-Business Suite web node, run the AutoConfig Context Editor as documented in the Oracle MetaLink Note 165195.1
  "Using AutoConfig to Manage System Configurations with Oracle Applications 11i". In the Context Detail screen, set the following
  configuration values:
  l set the webentry point, s_webentryhost, to the reverse proxy server.
  l set the webentry domain, s_webentrydomain, to the domain name of the reverse proxy server.
  l set the active webport, s_active_webport, to the port where the reverse proxy server listen for client requests. For example port 80 for
  HTTP or 443 for HTTPS.
  l set the webentry protocol, s_webentryurlprotocol, to the protocol value the clients use to access the reverse proxy server.
  l set the login page, s_login_page, to <webentry protocol>://<webentry point>.<webentry domain>:<active webport>. Replace
  <webentry protocol>, <webentry point>, <webentry domain>, and <active webport> with their respective values.
  My doubt is, Our unix admin directly can configure one external web site like
  https://irecrutment.xcompnay.com which can directly re-route to our external web server in DMZ for iRecruit Page.
  Then what is the significant of these settings ? Can we not achieve this thing without
  setting these things ?
  Regards,
  Jagjeet Singh

  Yes it sounds like a reverse proxy would help you out, however Apple no longer provide a (built-in) means to set one up in Server.app, you might be able to manually set one up in Apache but a better option would be to install a copy of Nginx and use that instead for your reverse-proxy server.

• Configure reverse proxy using Apache 2.2.15

  Dear Experts,
  I am in the process of configuring reverse proxy for my portal so that ppl outside the network can access my servers.
  We are on SUSE Linux 10 SP2, installed Apache 2.2.15 and started apache successfully.
  When i run command ps -ef | grep httpd, i get list of processes that are running.
  But when i open mozilla on the server where i installed apache and type http://myhost.domian.com:8080 it doesnt display any screen.
  I still assume that my apache is running. Please correct me on the above.
  Now i have configured my httpd.conf based on help.sap.com and various threads on sdn and it looks something like below
  ====================================================================================================
  ProxyPass /irj http://myhost.mydomian.com:50100/irj/
  ProxyPassReverse /irj http://myhost.mydomian.com:50100/irj/
  ProxyPreserveHost On
  #####################################r Reverse Proxy
  ProxyRequests off
  ProxyPreserveHost On
  <VirtualHost 172.XXX.XX.XX:80>
  #DocumentRoot Webserver doc root, eg "C:/.../htdocs"
  #ServerName <http:// Domain Name eg www.domainA.com >
  #ErrorLog logs/Domain.com-error_log
  #CustomLog logs/Domain.com-access_log common
  (Commented the above lines as i did not understand what i need them for.. please help on the above)
  RewriteEngine On
  RewriteLog logs/myhost_unsecured_rewrite.log
  RewriteLogLevel 9
  <Directory />
  Options None
  AllowOverride None
  </Directory>
  RewriteRule ^/(.*)$ http://myhost.mydomian.com:50100/$irj1/ NC,P
  ProxyPassReverse /irj http://myhost.mydomian.com:50100/
  </VirtualHost>
  With the above configuration will i be able to acheive my goal of using this server as my reverse proxy and also for redirecting the host name.
  Please help me on the above
  Thanks and regards
  Hunky

  If you search for "reverse proxy apache" you'll find quite lots of resources (blogs, articles) here on the SDN.
  You may start with
  FEATURED EVENTS
  Markus

• Omniportlet and reverse proxy

  I have an Oracle Portal installation behind a reverse proxy with Portal on 1 server, SSO/OID on another server, and the database on a 3rd server.
  Portal works fine, but Omniportlet and Webclipping are using the server name and port for the Portal server and not the reverse proxy URL. The Portal server name and port are, of course, not accessible to users.
  There is no proxy between the Portal and the database.

  Originally Posted by ghuertae
  Hi.. I have one server with one IP internal 10.x.x.x with reverse proxy to one ip public 159.x.x.x why ?? because we need that server can be used for public and internal users.
  For example user external had a server 200.x.x.x and they need connect to my server 159.x.x.x to diferente ports like 8020, 8000 and the port 22 (ssh)
  With the port 8000 and 8020 no problem they can connect.. but with 22 port
  I did the next filter in my border manager 3.8 (novell 6.0)
  Src Interface : ALL
  Dest Interface : ALL
  Packet Type: ssh (default 22)
  Src Port: ALL
  Protocol: TCP
  Dest Port: 22
  Src Add Type: Host
  Src IP Add: 200.X.X.X
  Dest Add Type: Host
  Dest IP Add: 159.X.X.X
  and
  Src Interface : ALL
  Dest Interface : ALL
  Packet Type: ssh2 (default 22)
  Src Port: 22
  Protocol: TCP
  Dest Port: ALL
  Src Add Type: Host
  Src IP Add: 159.X.X.X
  Dest Add Type: Host
  Dest IP Add: 200.X.X.X
  In the server BorderManager setup "Aceleration -> Http Aceleration" I put WeB server port 22 / Named IP Address ip internal and in Proxy IP Addr the ip Public.
  If i did a Tel 159.X.X.X 22 I can connect, but if use a program putty �
  ssh 159.X.X.X commad i can not connect..!!!
  Is there an error in my filter? o is there something else that i have to do ?
  thanks a lot.
  ok the solution that i find is... use the reverse proxy and Nat for the same ip and it works fine.
  I can access to ssh without problem..!

• Doubts regarding reverse proxy in DMZ

  Hi,
  We are going to implement DMZ in a test environment following the metalink note:287176.1.
  We have two sun servers so we have chosen Section 2.2(Fig 4) of 287176.1 as our deployment architecture.
  The steps we are going to follow are:
  1.Install Oracle Applications 11.5.10.2 in internal server.
  2.Clone the application to external server.
  3.Open the following ports:
  80,443 in the external firewall and 1521 in the data firewall.
  4.Follow steps from section 5.1,5.2,5.3,5.4 of 287176.1.
  5.Configure the URL firewal specific to the product that we want to expose for external use.
  Can someone please validate the above steps.
  Also please clarify the following doubts:
  1.Do we need a seperate external URL and domain to access the application from internet??
  If yes then this domain and URL mapping is done in which configuration file??
  2.Do we need to set up a reverse proxy server also for this architecture?If yes then is it necessary to deploy another reverse proxy server in front of external web server?
  Cant we configure the external web tier itself as reverse proxy??
  If yes then,how do we do it using 9iAS shipped with EBS...as we dont want to use standalone Apache for this and the document 287176.1 describes the steps to use a standalone Apache in section.(.Appendix D)..
  Please help...
  We have been given a time frame and limited resources to implement this POC.So a response is highly appreciated..
  Thanks
  ex:External URL:

  We have two sun servers so we have chosen Section 2.2(Fig 4) of 287176.1 as our deployment architecture.If you chose the above configuration there is no reverse proxy setup.
  1.Do we need a seperate external URL and domain to access the application >>from internet?? If yes then this domain and URL mapping is done in which >>configuration file??The changes are done on the external web tier in the application context file. (s_webentryhost - set to DMZ host name
  s_webentrydomain - domain name of DMZ host
  s_active_webport - port where the host will listen to requests
  s_webentyurlprotocol - http or https according to your configuration
  s_login_page - http(s)://webentypoint:webentrydomain:activewebport )
  2.Do we need to set up a reverse proxy server also for this architecture?Again section 2.2 does not require a reverse proxy only external webhost
  Please remember that the external host in DMZ runs only webtier. All the other services should be disabled.
  If yes then,how do we do it using 9iAS shipped with EBSClone the AppsTier to external host. Edit the context file and disable all the processes except
  <oa_process_status oa_var="s_apcstatus">enabled</oa_process_status>
  Then you have a webtier running without standalone Apache.
  I have recently finished configuring this setup.
  Message was edited by:
  bhetaal

• Reverse proxy redirecting not proxying

  I'm having trouble getting a reverse proxy to work as I expected it to.
  Scenario;
  Webserver 7 u 3 installed on host1.domain.com, instance listening on 8080
  Reverse proxy point configured for /agentsample -> http://host2.otherdomain.com:8080
  Now when I go to http://host1.domain.com:8080/agentsample two redirects occur, first is back to itself, then a second redirect to http://host2.otherdimain.com:8080/agentsample. This is where I have a problem, why am I being redirected, and not proxied?
  Furthermore, if I set the webserver7 up to be on port 80, crate a proxy for /agentsampe -> http://host2.otherdomain.com:8080 and then browse to http://host1.domain.com/agentsample I get redirected to http://host2.otherdomain.com/agentsample (which won't connect).
  So, does anyone know why this isn't working? I have other proxy points configed on host2.domain.com /idm -> http://host3.otherdomain.com:8202 for example, it works as expected, browsing to http://host2.domain.com:8080/idm gives me the page contect from host2.otherdomain.com but with the host2.domain.com URL - true proxying, no redirects.
  Any assistance appreciated.

  hi there,
  i'm getting the same redirecting behaviour with web server 7, update 3.
  the obj.conf says:
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/sun/webserver7/lib/icons" name="es-internal"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index-j2ee"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  PathCheck fn=validate_session_policy
  ObjectType fn="type-j2ee"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="send-precompressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>and the instance specific obj.conf says: ( with additions from the opensso web agent )
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/sun/webserver7/lib/icons" name="es-internal"
  NameTrans fn="map" from="/testapp" name="reverse-proxy-/testapp" to="http:/testapp"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index-j2ee"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  PathCheck fn="validate_session_policy"
  ObjectType fn="type-j2ee"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="send-precompressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  <Object ppath="http:*">
  Service fn="proxy-retrieve" method="*"
  </Object>
  <Object ppath="*/UpdateAgentCacheServlet*">
  Service type="text/*" method="(POST)" fn="process_notification"
  </Object>
  <Object ppath="*/dummypost/sunpostpreserve*">
  Service type="text/*" method="(GET)" fn="append_post_data"
  </Object>
  <Object name="reverse-proxy-/testapp">
  Route fn="set-origin-server" server="sunagent.mydomain.com:8080"
  </Object>the behaviour can be observed thusly in the http headers ( thank you livehttpheaders firefox plugin..)
  http://sunproxy.mydomain.com/testapp/index.html
  GET /testapp/index.html HTTP/1.1
  Host: sunproxy.mydomain.com
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  HTTP/1.x 302 Moved Temporarily
  Server: Sun-Java-System-Web-Server/7.0
  Date: Wed, 26 Nov 2008 06:49:09 GMT
  Location: http://sunsso.mydomain.com:80/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
  Content-Length: 0
  http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
  GET /opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html HTTP/1.1
  Host: sunsso.mydomain.com:80
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  HTTP/1.x 200 OK
  Date: Wed, 26 Nov 2008 06:53:00 GMT
  Cache-Control: private
  Pragma: no-cache
  Expires: 0
  X-DSAMEVersion: 8.0 (2008-July-21 07:32)
  AM_CLIENT_TYPE: genericHTML
  Set-Cookie: AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; Domain=.mydomain.com; Path=/
  Set-Cookie: amlbcookie=01; Domain=.mydomain.com; Path=/
  Set-Cookie: JSESSIONID=D33E12C33D3B30A0905FFCA1A4D77561; Path=/opensso
  Content-Type: text/html;charset=UTF-8
  Connection: close
  Transfer-Encoding: chunked
  http://sunsso.mydomain.com/opensso/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
  POST /opensso/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23 HTTP/1.1
  Host: sunsso.mydomain.com
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
  Cookie: JSESSIONID=D33E12C33D3B30A0905FFCA1A4D77561; AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; amlbcookie=01
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 193
  IDToken0=&IDToken1=amp_business_manager&IDToken2=amp_business_manager&IDButton=Log+In&goto=aHR0cDovL3N1bnByb3h5LnRob3VnaHR3b3Jrcy5jb206ODAvdGVzdGFwcC9pbmRleC5odG1s&encoded=true&gx_charset=UTF-8
  HTTP/1.x 302 Moved Temporarily
  Date: Wed, 26 Nov 2008 06:53:13 GMT
  Cache-Control: private
  Pragma: no-cache
  Expires: 0
  X-DSAMEVersion: 8.0 (2008-July-21 07:32)
  AM_CLIENT_TYPE: genericHTML
  X-AuthErrorCode: 0
  Set-Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; Domain=.mydomain.com; Path=/
  Set-Cookie: AMAuthCookie=LOGOUT; Domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  Location: http://sunproxy.mydomain.com:80/testapp/index.html
  Content-Length: 0
  Connection: close
  Content-Type: text/plain; charset=UTF-8
  http://sunproxy.mydomain.com/testapp/index.html
  GET /testapp/index.html HTTP/1.1
  Host: sunproxy.mydomain.com:80
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
  Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
  HTTP/1.x 302 Moved Temporarily
  Server: Sun-Java-System-Web-Server/7.0
  Date: Wed, 26 Nov 2008 06:49:22 GMT
  Location: http://sunagent.mydomain.com:80/testapp/index.html
  Content-Length: 0
  Via: 1.1 https-sunproxy.mydomain.com
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  http://sunagent.mydomain.com/testapp/index.html
  GET /testapp/index.html HTTP/1.1
  Host: sunagent.mydomain.com:80
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
  Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
  HTTP/1.x 200 OK
  Date: Wed, 26 Nov 2008 06:53:44 GMT
  Set-Cookie: JSESSIONID=68F78AD040184A4F9368D636243B2C70; Path=/testapp
  Content-Type: text/html;charset=ISO-8859-1
  Content-Language: en-US
  Content-Length: 3687
  Connection: close
  http://sunagent.mydomain.com/testapp/images/banner.jpg;jsessionid=68F78AD040184A4F9368D636243B2C70
  GET /testapp/images/banner.jpg;jsessionid=68F78AD040184A4F9368D636243B2C70 HTTP/1.1
  Host: sunagent.mydomain.com
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: image/png,image/*;q=0.8,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://sunagent.mydomain.com/testapp/index.html
  Cookie: JSESSIONID=68F78AD040184A4F9368D636243B2C70; amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
  HTTP/1.x 200 OK
  Date: Wed, 26 Nov 2008 06:53:45 GMT
  Etag: W/"49462-1226285588000"
  Last-Modified: Mon, 10 Nov 2008 02:53:08 GMT
  Content-Type: image/jpeg
  Content-Length: 49462
  Connection: close
  http://sunagent.mydomain.com/favicon.ico
  GET /favicon.ico HTTP/1.1
  Host: sunagent.mydomain.com
  User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
  HTTP/1.x 404 Not Found
  Date: Wed, 26 Nov 2008 06:53:48 GMT
  Set-Cookie: JSESSIONID=1A8BE19023EF620D6822C0DABCEEF838; Path=/
  Content-Type: text/html;charset=utf-8
  Content-Length: 988
  Connection: close
  ----------------------------------------------------------

• Performing reverse proxy re-directs and re-writes depending on case of url

  Hi,
  I have a front-end v6.1 SP6 web server running on Windows that hosts a public facing web site as well as re-directs specific folder urls to back-end applications hosted on Linux based application servers.
  I need to perform proxy re-directs and / or url re-writes depending on the case-sensitivity of the url requested from the Windows hosted web server.
  i.e. There is a back-end application with the internal url http://abc.internal.com/ABC, which importantly will not serve pages from http://abc.internal.com/abc
  So what I need is:
  www.external.com/ABC  -- proxy redirect -->  abc.internal.com/ABCwhereas
  www.exernal.com/abc  -- rewrite -->  www.external.com/ABC  -- proxy redirect -->  abc.internal.com/ABCWhat I have so far will provide the reverse proxy re-write for /ABC:
  <Object name="default">
  NameTrans fn="assign-name" from="/ABC(|/*)" name="abc.internal.com"
  </Object>
  <Object name="abc.internal.com" 2=">">
  ObjectType fn="force-type" type="magnus-internal/passthrough"
  Service fn="service-passthrough" servers="http://191.168.1.10:80"
  </Object>However, this will also reverse proxy requests for /abc which will return an error from the internal app server. So, is it possible to perform a case-sensitive dependent re-write / redirection on v6.1 on Windows?
  N.b. I realise that the back-end application could be modified to handle both upper and lower case requests but that is not an option here.
  Thanks for your help.

  I can't think of an easy way to do what you want. On Windows, Web Server treats URIs and paths as case insensitive, so there's no obvious way to treat /ABC differently than /abc.
  I do see a few options. Unfortunately, they're all relatively complicated:
  a) Write an NSAPI plugin
  b) Write a Servlet filter
  c) Use Sun Java System Web Server 7.0
  If you switch to 7.0, you can use case-sensitive regular expressions:<If $uri =~ '^/ABC/?'>
  NameTrans fn="assign-name" name="abc.internal.com"
  </If>

• CSM, Reverse Proxy, and Sticky

  First, here is a diagram of my setup:
  CSM w/VIP for Front-End Web Servers (acting as Authorization and Reverse Proxy)
  |
  SSL Module for termination of HTTPS traffic
  |
  Front-End Web Servers
  |
  CSM w/VIP for Back-end Web Servers
  |
  Back-end Web Servers
  What I need a way to do is to ensure that users gets to the same Back-end Web Server for their entire session. The Front-End Web Servers act as a Reverse Proxy for all requests going to the Back-End Web Servers and are configured to send requests to the VIP for the Back-End Web Servers.

  Gilles,
  Thanks for the response. This is https traffic for the user, but from the Front-End to the Back-End it's just http. Unfortunately it's SAP so it's not a normal HTTP Back-end that can generate cookies. Currently I am only running 3.1(7). What is the status of the 4.1 train? Being new I am concerned about utilizing this level. What has been the experience of customers on this code level in the field?