Reverse Proxy Problem

Similar Messages

• Forms with reverse-proxy problem

  Hi:
  How can I use a reverse-proxy (apache) to correctly run Oracle Forms and Oracle Reports Standalone (JINIT or Sun JVM).
  Do I need to configure formsweb.cfg? default.env? Can anyone help me ?
  I've setup Apache reverse-proxy... and it runs... but i got frm-92101
  Thanks
  Joao

  Hi:
  I've set this on httpd.conf
  ProxyPass /forms http://10.0.0.1:7778/forms
  ProxyPassReverse /forms http://10.0.0.1:7778/forms
  My Apache port number is the standard 80
  Did you used these Apache directives to setup the reverse proxy? Are you using forms standalone or with sso ? This test case I've setup is used with Forms&Reports Standalone.
  It always happens this problem.
  EDITED:
  I found the problem... the problem is the database... 11G!!! With 10G it works ok!
  Thanks
  Joao

• Problem with Apache reverse proxy after applying SP13 NW

  Hello,
  we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request GET /irj/.
  Reason: Error reading from remote server
  Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
  Is is it possible, that there is a problem with sp13?
  Best regards
  Daniel Holstein

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Apache Reverse Proxy: Domain problem

  Hi,
  I have a problem with Apache Reverse Proxy (Apache 2.2) and SAP Enterprise Portal 6.0.
  I configured Apache as a Reverse Proxy Server (with SSL)so that the portal is accessible through the internet. Everything is working fine but the OWA integration doesn't work over the Reverse Proxy.
  If I log on to <u>http://portalsrv.mydomain.xx:12345/irj</u> the OWA integration works fine with SSO and there is no problem with session management.
  If I log on to <u>https://revproxy.mydomain.zz:1234/irj</u> and want to open Outlook I get the message that Session management doesn't work. However the other components like ESS work fine. Deactivating the DSM Logger is not a solution to this problem.
  The Log tells me:
  1.
  Application domain 'mydomain.xx' differs from Portal domain 'mydomain.zz'.
  Session Management will not work for Application 'abc.mydomain.xx'
  2.
  Application schema 'http' differs from Portal schema 'https'.
  Session Management will not work for Application 'abc.mydomain.xx'
  Is there a possibility to write a Rewrite-Rule in the Apache-Conf?
  For instance:
  https://abc.mydomain.xx --> http://abc.mydomain.zz
  Does anybody made such a rule?
  I hope anybody can help me with the problem.
  Thank you

  Hi Daniel,
  ok I`ll try to find a solution in parallel and keep you up to date.
  In the following my settings in case I missed something:
  <VirtualHost test.firma.de:443>
  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
  SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
  ServerName test.firma.de:443
  ServerAdmin [email protected]
  LogLevel debug
  ErrorLog logs/ssl_443_error
  CustomLog logs/ssl_443_access_log common
  ProxyVia Off
  ProxyPreserveHost On
  ReWriteEngine on
  ReWriteLogLevel 0
  ReWriteLog logs//ssl_443_rewrite_http.log
  ProxyPass / https://backend.firma.de:50001/
  ProxyPassReverse / https://backend.firma.de:50001/
  </VirtualHost>
  Regards, Jens

• Reverse proxy setup problems

  I am trying to setup a reverse proxy using iPlanet Web Proxy Server 3.6. I have followed the instructions in the manual which seems pretty straight forward but nothing is happening. I am getting no traffic at all between any of the boxes involved. I have been using apache before without any problems but wanted to move to something more scaleable as I would like to have multiple reverse proxys. Can anyone give any suggestions as to what might be wrong. Thanks.

  Have you tried thius technote ===>
  http://knowledgebase.iplanet.com/ikb/kb/articles/1173.html
  The reverse proxy setup requires regular mappings and reverse mappings. Regular mappings re-map the requested URL to the actual origin
  server. The reverse mappings re-map Location: headers coming back in 3xx redirections.
  In some cases, customers have sent technical support obj.conf files with the mapping entries in the wrong order. All of the
  "reverse-map" functions should be placed before the "map" functions.
  There maybe two causes:
  1.Hand editing of the obj.conf files
  Use the admin interface to create reverse proxy map entires.
  2.Old versions of Admin Server
  There may have been problems with creating reverse proxy maps in Proxy 2.x, which used Admin Server 2.x. This problem doee not
  occur with Admin 3.5.
  Example:
  NameTrans fn="reverse-map" from="http://www.news.com"
  to="http://kwikimart.mcom.com:8080/news"
  NameTrans fn="map" from="http://kwikimart.mcom.com:8080/news"
  to="http://www.news.com"
  NameTrans fn="map" from="/news" to="http://www.news.com"
  Note the "reverse-map" function appears before the "map" functions.

• CSS Reverse Proxy Rule problem if caches suspended breaks web site

  Hi
  Another perplexing problem we've had tonight:
  2 x CSS11000 with 2 x CE560's providing Reverse Proxy Cache to a front end web server. During testing we had both CE services "suspended" but not the RCP content rule. So in my theory this rule couldn't work because it's services were not available. However, the CSS continued to hit this content rule and hence broke the web side. We then suspended the RPC rule, all traffic was forced to use the directtoserver rule and things worked again.
  The question this poses, and we will be testing this on Monday is....if the caches are "down" rather than "suspended" does the same thing happen....and is this a bug (because I cant help thinking thats not what ithe CSS should be doing) or something else.
  Anyone come across this ?
  Thanks
  Simon

  Simon,
  I think the answer to your question comes down to whether the content rule is considered "down" or not. When the caches are down, what does a "show rule" show as a status of the content rule. If the rule is down, the CSS should not even respond to the clients request via the vip unless there is another content rule containing the same vip (L3, L4 etc..)
  Maybe the keepalive types need to be changed. For example, using icmp for a keepalive type and shutting down port 80 on a webserver will NOT signify to the CSS that the services is down.
  If the rule is down and still increasing hit counts, then this would be some type of bug.
  Regards
  Pete Knoops
  Cisco Systems

• Reverse Proxy Redirection Problem

  Hi all
  recently I installed sun one app server 8.1 sp2 as back end server and sun one web server 6.1 sp5 as the front end.
  I also installed the reverse proxy plugin (provided by sun) correctly. the infrastructure is something like this:
  web = http://aaa.com/mypath
  app = http://bbb.com/mypath
  client => web => app server
  so when client type http://aaa.com/mypath, it will eventually executed http://bbb.com/mypath, but in the client browser still maintain http://aaa.com/mypath
  so far so good.
  but when the client executed http://aaa.com/mypath/myredirect.html (where myredirect.html is javascript redirection to certain html in my app server), the web server will execute http://bbb.com/mypath/myredirect.html, which eventually the html will be redirected to http://bbb.com/mypath/myfinalresult.html.
  the problem is now on the client browser the url becomes http://bbb.com/mypath/myfinalresult.html. all i want is the url to be pointing to web server, that is http://aaa.com/mypath/myfinalresult.html
  how to solve this problem? is it possible to do reverse mapping with passthrough library? any help is greatly appreciated! Thx !!
  Cheers,
  kami

  Hi All,
  Good Morning. Please calrify the below issue about reverse proxy. ( The redirection is not happening from WebServer to AppServer)
  - I have installed the one WebServer with below configuration.
  - Installed Sun ONE Web Server 6.1SP6 with Sun ONE Web Server 6.1SP3 Reverse Proxy Plugin.
  - This is my obj.conf file:
  NameTrans fn="assign-name" from="/wps" name="passthrough1"
  <Object name="passthrough1">
  Service type="magnus-internal/passthrough"
  fn="service-passthrough"
  servers="http://<AppServer>:9081/wps/"
  </Object>
  - This is magnus.conf file:
  Init fn=flex-init access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%"
  Init fn="load-modules" shlib="/opt/SUNWwbsvr/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
  Init fn="load-modules" shlib="/opt/SUNWwbsvr/plugins/passthrough/libpassthrough.so"
  When I am trying to access the WebServer URL http://<WebServer>:<port>/wps/ is not redirting to AppServer URL i.e (http://<AppServer>:9081/wps/).
  - Please find the log file as below :-
  [26/Nov/2006:10:52:11] warning ( 5727): for host 172.16.5.63 trying to GET /wps/, send-file reports: HTTP4142: can't find /opt/SUNWwbsvr/docs/wps/ (File not found)
  - I am confusing it searching the "wps" directory under the doc root directory.
  Kindly help to suggest me to resolve the issue.
  Thanks a lot in advance.
  Best Regards
  Elayaraja.K

• OHS to Weblogic Reverse Proxy configuration Problem

  Hi,
  Pls go through the following points and suggest.
  1. I have an Access Manager in place and I need to integrate it with Webcenter and Oracle Identity Manager.
  2. I have only one webserver in place which is reverse proxied for both the application servers(OIM as well as Webcenter) and only one webgate installed.
  Can I achieve SSO with this architecture? My doubt is while specifying the challenge parameter in Access Manager,how can i specify it?

  Thanks for the reply. Let me detail you regarding my configuration.
  1. One webserver configured as reverse proxy for two app serrvers(weblogic1 for webcenter and weblogic2 for Identity manager)
  2. My reverse proxy config in httpd.conf file are as follows
  ProxyPass /webcenter http://app1:8888/webcenter
  ProxyPassReverse /webcenter http://app1:8888/webcenter
  ProxyPass /xlWebApp http://app2:7001/xlWebApp
  ProxyPassReverse /xlWebApp http://app2:7001/xlWebApp
  3. Created two policy domains for /webcenter and /xlWebApp and Iam using form based authentication scheme.
  My Challenge parameters as follows:
  form: /am_login/login.html (am_login.war is deployed on both app1 and app2)
  creds:userid password
  action:/dummy.cgi
  Now the problem is whenever http://webserverhost:7777/webcenter is accessed,it should redirect to http://webserverhost:7777/am_login/login.html. But its not happening so reason being,after hitting the url it is not able to find the am_login.war in /webcenter on the appserver.Instead its deployed on the root "/" not inside "/webcenter".
  Samething is happening for /xlWebApp too. Can you suggest some configuration which would make my things work?

• Problem on Setting up a Reverse Proxy on Web Proxy Server 4.0.1

  After you setup a reverse proxy using Web Proxy Server 4.0.1, if you get the following error --
  Proxy denies fulfilling the request
  Your client is not allowed to access the requested object.You probably forget to add a regular mapping from: / to: http://http.site.com/. The information provided in 4.0.1 Administration guide is misleading. You will have to add it NOW manually. (Note: in 3.6 it will be added automaticly)
  You will have to do the following step manually, what provided in the manual is misleading --
  Sun Java� System Web Proxy Server 4 .0.1 Administration Guide 2005Q4
  Chapter 14 Using a Reverse Proxy
  "Setting up a Reverse Proxy"
  5. To make the change, click OK.
  Once you click the OK button, the proxy server adds one or more additional
  mappings. To see the mappings, click the link called View/Edit Mappings.
  Additional mappings would be in the following format:
  from: /
  to: http://http.site.com/

  thanks, will verify and update the docs.
  rahul.

• Problems with apex and anychart (using reverse proxy)

  Hi,
  Im using 2 Servers. The first with Apache2 and the /i/ directory and the second with a Oracle XE Database.
  The imagedirectory is at the first server.
  Heres my Apache Setup:
  <Location /apex>
  Options None
  Order allow,deny
  allow from all
  ProxyPass http://..(remote_ip)..:8080/apex
  ProxyPassReverse http://..(remote_ip)..:8080/apex
  </Location>
  Alias /i/ /var/i/
  <Directory "/var/i/">
  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
  </Directory>
  if I open a page with a anychart chart I get this error:
  "Flash Security Error
  Anychart can not be launched due to Flash Security Settings violation.
  Please refer to Security error Article in Anychart Documentation..."
  http://www.anychart.com/products/anychart/docs/users-guide/index.html?security-error.html
  I think I have to place a crossdomain.xml
  Placing the crossdomain.xml in example.com/ root-directory doesn't work?
  thanks for any help

  Hi Christoph,
  Yes, the APEX Listener works with Oracle XE. The APEX Listener is currently an Early Adopters release, and is available for download from here: http://www.oracle.com/technology/products/database/application_express/html/apex_listener_download.html. I would recommend reviewing the accompanying Installation Guide before proceeding. There's an 'APEX Listener Feedback' thread - APEX Listener Feedback - which may also proof useful to you. There's also another related thread on this topic: Re: #HOST# Substituin incorrect for charts via Reverse Proxy which discusses the replacement of the #HOST# substitution string.
  Regards,
  Hilary

• Problem with Mobile clients - Reverse proxy

  Hi Guys,
  I have an issue that is driving me batty. I've set up a reverse proxy and am putting my mobile clients through it. I've used the Lync connectivity analyzer which is telling me that everything is good. However I am getting an error in my mobile clients to
  the effect "Please check your account info and try again"
  It looks like my IIS logs are showing 401 errors on the webticketservice.svc
  2014-05-30 00:48:01 192.168.0.58 GET / sipuri=sip:[email protected]&X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=0b8473bc-76f4-48e6-b29d-1028dad0dc2f 443 - 24.114.103.233 ACOMO - 200 0 0 93
  2014-05-30 00:48:01 192.168.0.58 GET / - 80 - 24.114.103.233 ACOMO - 406 0 0 62
  2014-05-30 00:48:01 192.168.0.58 GET /autodiscover/autodiscoverservice.svc/root/user originaldomain=openjive.com&X-ARR-LOG-ID=624d5656-03de-4d23-b7be-ef1d86f986ea 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 72
  2014-05-30 00:48:01 192.168.0.58 GET /autodiscover/autodiscoverservice.svc/root/user originaldomain=openjive.com&X-ARR-LOG-ID=989d376d-f93d-4a61-a2e8-75e44a2f630e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 62
  2014-05-30 00:48:01 192.168.0.58 POST /webticket/webticketservice.svc/mex X-ARR-LOG-ID=96ab4698-b8bc-4ff6-829f-60bdd7e9d64e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 200 0 0 209
  2014-05-30 00:48:01 192.168.0.58 POST /webticket/webticketservice.svc X-ARR-LOG-ID=6884e7ec-01fa-4014-96ec-1e891fbb1c7e 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 116
  2014-05-30 00:48:03 192.168.0.58 POST /webticket/webticketservice.svc X-ARR-LOG-ID=c4f2790c-983a-4d4f-b647-dc0c30d2335d 443 OPENJIVE\bryan 24.114.103.233 ACOMO - 401 0 0 84
  Any ideas would be appreciated. I am running windows 2012 R2 across the board. The reverse proxy is IIS 8.5 with ARR 3.

  Here is the connectivity analyzer results.
  Sending HTTP request to
  https://lyncdiscover.openjive.com/[email protected]
  Logging test parameters:
  SIP Uri: [email protected]
  User Name: openjive\bryan
  Discovery Type: Automatic Discovery
  Network access: NetworkAccessExternal
  Selected client: ApplicationLyncMobile2013
  Starting Lync server autodiscovery
  Please wait; this test may take several minutes to complete...
  Starting automatic discovery for secure (HTTPS) internal channel
  lyncdiscoverinternal.openjive.com can't be resolved by the DNS server. Skipping internal discovery.
  Starting automatic discovery for secure (HTTPS) external channel
  Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    Pragma: no-cache
    X-MS-Server-Fqdn: banff.openjive.local
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache
    Server: Microsoft-IIS/8.5
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    Date: Fri, 30 May 2014 00:49:45 GMT
    Content-Length: 1049
    Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
    Expires: -1
  Parsing the response for URL
  https://lyncdiscover.openjive.com/[email protected].  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  AccessLocation="External"><Root><Link token="Domain" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=openjive.com"
  /><Link token="User" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=openjive.com"
  /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=openjive.com" /><Link
  token="OAuth" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=openjive.com" /><Link
  token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
  /><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
  Autodiscover URL
  https://lyncdiscover.openjive.com/[email protected] redirected to
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=openjive.com
  Sending HTTP request to
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
  Cookie  found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    X-MS-WebTicketURL:
  https://lyncweb.openjive.com/WebTicket/WebTicketService.svc
    X-MS-WebTicketSupported: cwt,saml
    X-MS-Server-Fqdn: banff.openjive.local
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    Date: Fri, 30 May 2014 00:49:45 GMT
    Content-Length: 1293
    Content-Type: text/html
  Authorization required for
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
  Obtaining WebTicket from
  https://lyncweb.openjive.com/WebTicket/WebTicketService.svc
  On-premises WebTicket server:
  https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
  AcquireTicketAsync succeeded for
  https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
  WebTicket: <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-bf1eeeeb-c7b5-4d50-87df-929bf90bd370" Issuer="https://banff.openjive.local:4443/f0ca8325-b055-5552-be4f-fb4088f97387"
  IssueInstant="2014-05-30T00:52:05.151Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2014-05-30T00:52:05.151Z" NotOnOrAfter="2014-05-30T08:49:30.151Z"><saml:AudienceRestrictionCondition><saml:Audience>https://lyncweb.openjive.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
  AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2014-05-30T00:52:05.151Z"><saml:Subject><saml:NameIdentifier Format="sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
  xmlns="<e:EncryptedKey">http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="<e:EncryptionMethod">http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
  Algorithm="</e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>kE4cKJAJbZL3GFCEx3/XxiBO/nhVPZJ15xEIQk96DjkxRNgzgxlh+w==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature">http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>kE4cKJAJbZL3GFCEx3/XxiBO/nhVPZJ15xEIQk96DjkxRNgzgxlh+w==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature
  xmlns="<SignedInfo><CanonicalizationMethod">http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="</CanonicalizationMethod><SignatureMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod
  Algorithm="</SignatureMethod><Reference">http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-bf1eeeeb-c7b5-4d50-87df-929bf90bd370"><Transforms><Transform
  Algorithm="</Transform><Transform">http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="</Transform></Transforms><DigestMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod
  Algorithm="</DigestMethod><DigestValue>krqtSvw6JUlsbBsxdbXSsHyIgFzUD1G7DOKZ635AC4Q=</DigestValue></Reference></SignedInfo><SignatureValue>qo+GkTNnjyl250pQVkSSTCI707At83dn2zu1ZOSLoSlPF74FuzRgCysD5UPrgMvY5SYi+pi2igwEV7zt7ALtWFuAJWPU3e0mNT701xyO86+f11YtHXC/NhQDudJvq7DO3uWRGgZGdBodt82OyZlXKifplMgEE352y0+S4jy0GmKCpvHTbytUthInMSxSAp7UWcU+6ourkAj4NpLbSywgm4su6byHEZmZyJ1/6eZ6/xO3a395dxhlBoMbIs+Gk9zcQ75KL/VAy7WTcBq+kJ/16yfd9q73VzYO5NBSEgrOHW/xZuRUYusLyhSZ0AJTVaUUJuBi6XdG44kaP0Nsz9UTrw==</SignatureValue><KeyInfo><o:SecurityTokenReference">http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>krqtSvw6JUlsbBsxdbXSsHyIgFzUD1G7DOKZ635AC4Q=</DigestValue></Reference></SignedInfo><SignatureValue>qo+GkTNnjyl250pQVkSSTCI707At83dn2zu1ZOSLoSlPF74FuzRgCysD5UPrgMvY5SYi+pi2igwEV7zt7ALtWFuAJWPU3e0mNT701xyO86+f11YtHXC/NhQDudJvq7DO3uWRGgZGdBodt82OyZlXKifplMgEE352y0+S4jy0GmKCpvHTbytUthInMSxSAp7UWcU+6ourkAj4NpLbSywgm4su6byHEZmZyJ1/6eZ6/xO3a395dxhlBoMbIs+Gk9zcQ75KL/VAy7WTcBq+kJ/16yfd9q73VzYO5NBSEgrOHW/xZuRUYusLyhSZ0AJTVaUUJuBi6XdG44kaP0Nsz9UTrw==</SignatureValue><KeyInfo><o:SecurityTokenReference
  xmlns:o="<o:KeyIdentifier">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion">http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion>
  Sending HTTP request to
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
  Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    Pragma: no-cache
    X-MS-Server-Fqdn: banff.openjive.local
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache
    Server: Microsoft-IIS/8.5
    X-AspNet-Version: 4.0.30319
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    Date: Fri, 30 May 2014 00:49:45 GMT
    Content-Length: 2111
    Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
    Expires: -1
  Parsing the response for URL
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected].  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="banff.openjive.local" port="5061" /><SipClientInternalAccess fqdn="banff.openjive.local"
  port="5061" /><SipServerExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><SipClientExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><Link token="Internal/Autodiscover" href="https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root"
  /><Link token="Internal/AuthBroker" href="https://banff.openjive.local/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://banff.openjive.local/Scheduler"
  /><Link token="Internal/CertProvisioning" href="https://banff.openjive.local/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root"
  /><Link token="External/AuthBroker" href="https://lyncweb.openjive.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://lyncweb.openjive.com/Scheduler"
  /><Link token="External/CertProvisioning" href="https://lyncweb.openjive.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc"
  /><Link token="External/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
  /><Link token="Internal/Ucwa" href="https://banff.openjive.local/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
  /><Link token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
  /><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user"
  /></User></AutodiscoverResponse>
  Server discovery has completed for https://lyncdiscover.openjive.com/.
  Autodiscover full response for URL https://lyncdiscover.openjive.com/ is <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="banff.openjive.local" port="5061" /><SipClientInternalAccess fqdn="banff.openjive.local"
  port="5061" /><SipServerExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><SipClientExternalAccess fqdn="lyncedge.openjive.com" port="5061" /><Link token="Internal/Autodiscover" href="https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root"
  /><Link token="Internal/AuthBroker" href="https://banff.openjive.local/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://banff.openjive.local/Scheduler"
  /><Link token="Internal/CertProvisioning" href="https://banff.openjive.local/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root"
  /><Link token="External/AuthBroker" href="https://lyncweb.openjive.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://lyncweb.openjive.com/Scheduler"
  /><Link token="External/CertProvisioning" href="https://lyncweb.openjive.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc"
  /><Link token="External/Mcx" href="https://lyncweb.openjive.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
  /><Link token="Internal/Ucwa" href="https://banff.openjive.local/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://lyncweb.openjive.com/ucwa/v1/applications"
  /><Link token="External/XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://banff.openjive.local/Autodiscover/XFrame/XFrame.html"
  /><Link token="XFrame" href="https://lyncweb.openjive.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/user"
  /></User></AutodiscoverResponse>
  SendRequest failed for
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root/[email protected]
  Automatic discovery results for https://lyncdiscover.openjive.com/
  Access Location                          : External
  SIP Server Internal Access               : banff.openjive.local
  SIP Server External Access               : lyncedge.openjive.com
  SIP Client Internal Access               : banff.openjive.local
  SIP Client External Access               : lyncedge.openjive.com
  Internal Auth broker service             :
  https://banff.openjive.local/Reach/sip.svc
  External Auth broker service             :
  https://lyncweb.openjive.com/Reach/sip.svc
  Internal Auto discover service           :
  https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root
  External Auto discover service           :
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root
  Internal MCX service                     :
  https://lyncweb.openjive.com/Mcx/McxService.svc
  External MCX service                     :
  https://lyncweb.openjive.com/Mcx/McxService.svc
  Internal UCWA service                    :
  https://banff.openjive.local/ucwa/v1/applications
  External UCWA service                    :
  https://lyncweb.openjive.com/ucwa/v1/applications
  Internal Webscheduler service            :
  https://banff.openjive.local/Scheduler
  External Webscheduler service            :
  https://lyncweb.openjive.com/Scheduler
  Total server discovery time: 1.1 seconds
  Server discovery succeeded for secure (HTTPS) external channel against URL
  https://lyncdiscover.openjive.com/
  Starting automatic discovery for unsecure (HTTP) external channel
  Sending HTTP request to
  http://lyncdiscover.openjive.com/[email protected]
  Cookie  found in autodiscover response: StatusCode: 406, ReasonPhrase: 'Not Acceptable', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    Date: Fri, 30 May 2014 00:49:45 GMT
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    Content-Length: 1346
    Content-Type: text/html
  Autodiscover: SendRequest(): the URL
  http://lyncdiscover.openjive.com/[email protected] couldn't be connected.  Complete HTTP headers:\r\n Date: Fri, 30 May 2014 00:49:45 GMT
  Server: Microsoft-IIS/8.5
  X-Powered-By: ASP.NET
  Couldn't connect to URL
  http://lyncdiscover.openjive.com/[email protected] (HTTP status code NotAcceptable)
  System.Exception: Couldn't connect to URL
  http://lyncdiscover.openjive.com/[email protected] (HTTP status code NotAcceptable)
     at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
     at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
     at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
     at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
     at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
  Server discovery failed for unsecured external channel against
  http://lyncdiscover.openjive.com/
  None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
  MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
  Starting the requirement tests for Lync Mobile 2013 App
  Please wait; this test may take several minutes to complete...
  Testing the app requirements using the following discovery response:
  Access Location                          : External
  SIP Server Internal Access               : banff.openjive.local
  SIP Server External Access               : lyncedge.openjive.com
  SIP Client Internal Access               : banff.openjive.local
  SIP Client External Access               : lyncedge.openjive.com
  Internal Auth broker service             :
  https://banff.openjive.local/Reach/sip.svc
  External Auth broker service             :
  https://lyncweb.openjive.com/Reach/sip.svc
  Internal Auto discover service           :
  https://banff.openjive.local/Autodiscover/AutodiscoverService.svc/root
  External Auto discover service           :
  https://lyncweb.openjive.com/Autodiscover/AutodiscoverService.svc/root
  Internal MCX service                     :
  https://lyncweb.openjive.com/Mcx/McxService.svc
  External MCX service                     :
  https://lyncweb.openjive.com/Mcx/McxService.svc
  Internal UCWA service                    :
  https://banff.openjive.local/ucwa/v1/applications
  External UCWA service                    :
  https://lyncweb.openjive.com/ucwa/v1/applications
  Internal Webscheduler service            :
  https://banff.openjive.local/Scheduler
  External Webscheduler service            :
  https://lyncweb.openjive.com/Scheduler
  Starting tests for Mobility (UCWA) service
  UCWA user agent string: <input xmlns="<property">http://schemas.microsoft.com/rtc/2012/03/ucwa"><property name="culture">en-US</property><property name="endpointId">44:D8:84:3C:68:68</property><property
  name="type">Phone</property><property name="userAgent">LyncConnectivityAnalyzer/5.0.8308.582 (Windows OS 6.0)</property></input>
  Verifying external Ucwa service:
  https://lyncweb.openjive.com/ucwa/v1/applications
  On-premises WebTicket server:
  https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
  AcquireTicketAsync succeeded for
  https://lyncweb.openjive.com/WebTicket/WebTicketService.svc/Auth
  WebTicket: <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="SamlSecurityToken-cda8f5c3-dc31-46d1-b9ba-51fa49cffcd3" Issuer="https://banff.openjive.local:4443/f0ca8325-b055-5552-be4f-fb4088f97387"
  IssueInstant="2014-05-30T00:52:06.062Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2014-05-30T00:52:06.062Z" NotOnOrAfter="2014-05-30T08:44:42.062Z"><saml:AudienceRestrictionCondition><saml:Audience>https://lyncweb.openjive.com/</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement
  AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="2014-05-30T00:52:06.062Z"><saml:Subject><saml:NameIdentifier Format="sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri">sip:[email protected]</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod><KeyInfo
  xmlns="<e:EncryptedKey">http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="<e:EncryptionMethod">http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod
  Algorithm="</e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>HiaWvrXQLacT+brihMO3w2xV0JCWsOj2hQNAkbGkl1yuavEW5U2+yA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature">http://www.w3.org/2001/04/xmlenc#kw-aes256"></e:EncryptionMethod><KeyInfo><KeyName>f0ca8325-b055-5552-be4f-fb4088f97387:8d149b659ca1d29</KeyName></KeyInfo><e:CipherData><e:CipherValue>HiaWvrXQLacT+brihMO3w2xV0JCWsOj2hQNAkbGkl1yuavEW5U2+yA==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><Signature
  xmlns="<SignedInfo><CanonicalizationMethod">http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="</CanonicalizationMethod><SignatureMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod
  Algorithm="</SignatureMethod><Reference">http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#SamlSecurityToken-cda8f5c3-dc31-46d1-b9ba-51fa49cffcd3"><Transforms><Transform
  Algorithm="</Transform><Transform">http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="</Transform></Transforms><DigestMethod">http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod
  Algorithm="</DigestMethod><DigestValue>9aGUpr6tQkHD1fj+o1gDZSFMpPp1HwnNjO9BmmGjA+Y=</DigestValue></Reference></SignedInfo><SignatureValue>jfleXw8Do6pavetwKPAGEEIezTJlJhF2UlnuNh04dK4FlCJMRowZbxHUyqUjTsCbjIdvVMhljsPrufsPwPd4v1ksvf8apfeVJ2zZZSyIqLLCjKW3Vus7X6DlBqZ+YB8rP1dGKleuH5E7kuk4asAc5XpzjoB3xvLf5cXp2hVvKuhwlDhqQp3dCIFnNCGPQLbqY+hek55uNcmyspJno13YbQ/fje/1CJxfwiN3M0o2dPskIMvOt1oqHlxn1zIeWm1lWkKd/ZDjchoWzmqiO67cbXuJpe7IrqwCx4WT7vHMkyHZznXB6D55pgPen94+h0Vwq75mWZeYBMIeXOM3t+7HnA==</SignatureValue><KeyInfo><o:SecurityTokenReference">http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>9aGUpr6tQkHD1fj+o1gDZSFMpPp1HwnNjO9BmmGjA+Y=</DigestValue></Reference></SignedInfo><SignatureValue>jfleXw8Do6pavetwKPAGEEIezTJlJhF2UlnuNh04dK4FlCJMRowZbxHUyqUjTsCbjIdvVMhljsPrufsPwPd4v1ksvf8apfeVJ2zZZSyIqLLCjKW3Vus7X6DlBqZ+YB8rP1dGKleuH5E7kuk4asAc5XpzjoB3xvLf5cXp2hVvKuhwlDhqQp3dCIFnNCGPQLbqY+hek55uNcmyspJno13YbQ/fje/1CJxfwiN3M0o2dPskIMvOt1oqHlxn1zIeWm1lWkKd/ZDjchoWzmqiO67cbXuJpe7IrqwCx4WT7vHMkyHZznXB6D55pgPen94+h0Vwq75mWZeYBMIeXOM3t+7HnA==</SignatureValue><KeyInfo><o:SecurityTokenReference
  xmlns:o="<o:KeyIdentifier">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:KeyIdentifier ValueType="AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion">http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">AhJJ0tEVWf4IRNbKNKfDMD1Qyvg=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo></Signature></saml:Assertion>
  Successfully created the UCWA service
  Completed tests for Mobility (UCWA) service
  None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST,
  MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST
  Your deployment meets the minimum requirements for Lync Mobile 2013 App.

• How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)
  for hosting some of the public resource and reverse-proxying other parts
  of the URI namespace from other backend servers (content, application
  and other types of servers).
  So far every type of backend server served a unique part of the namespace
  and there was no collision of names, and the backend resources were
  published in a one-to-one manner. That is, a backend resource like, say,
  http://appserver:8080/content/page.html would be published in the internet
  as http://www.publicsite.com/content/page.html
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.
  Another quest, possibly related in solution, was to make a tidy url for the
  first page the user opens of the site. That is, in the current solution when
  a visitor types the url "www.publicsite.com" in his or her browser, our web
  server returns an HTTP-302 redirect to the actual first page URL, so the
  browser sends a second request (and changes the URL in its location bar).
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  So far I found that I can't solve these problems. I believe these problems
  share a solution because it relies on ability to control the actual URI strings
  requested by Sun Web Server from backend servers.
  Some details follow, now:
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
  trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
  fn="service-passthrough" rewrite-host="true" rewrite-location="true"
  servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
  returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
  # this causes /content/* to be taken from another (backend) server
  NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
  # this causes requests to site root to be HTTP-redirected to a certain page URI
  <If $uri =~ '^/$'>
      NameTrans fn="redirect"
          url="http://www.publicsite.com/content/MainPage.html"
  </If>
  <Object name="content-test">
  ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
  ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
      Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
      Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
  </Object>
  I have also tried "restart"ing the request like this:
      NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
      Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
  in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
  //Jim

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
  yes, you could do something like
  - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
  <Object name=¨default¨>
  <If $uri = ¨/page/¨>
  #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
  NameTrans.. fn=map
  </If
  </Object>
  and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
  finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
  <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
  http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
  >
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  please check out the rewrite / restart SAF. this should help you.
  http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
  pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  feel free to post to us if you need any futher help
  you are probably better off - starting fresh
  - install ws7u4
  - use gui or CLI to create a reverse proxy and map one on one - say content
  http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
  if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
  <install-root>/bin/wadm disable-java user=admin config=<hostname>
  <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
  >
  I have also tried "restart"ing the request like this:
  NameTrans fn="restart" uri="/data"
  ordering is very important here... you need to do this some thing like
  <Object name=default>
  <If not $restarted>
  NameTrans fn=restart uri from=/¨ uri=/foo.
  </If>

• Reverse proxy to applications on a server by just domain names possible?

  Hi All
  I am looking for a solution to set up a single server, that hosts four J2EE web applications running on a Glassfish application server with just only one IP address.
  When a user wants to use an application, he/she can just type URL without specifing port and path, and the corresponding web application will be displayed accordingly as shown below
  http://sub1.domain1.com -- > webapp1 at port 9100
  https://sub2.domain1.com -- > webapp2 at port 9200
  http://sub1.domain2.com -- > webapp3 at port 9300
  https://sub2.domain2.com -- > webapp4 at port 9400
  I am wandering whether I could use reverse proxy of Sun Java System Web Server 7 to route the traffic from the domain names to their own application on Glassfish as shown above? I tried by creating two HTTP listeners to listen at port 80, and 443 respectively, but I could not access different applications based on domain names without specifying specifix path or port.
  Is there any recommended resources or example of the mapping, or any other suggested solution?

  Thank you for your reply nsegura. I created 4 different virtual servers as you suggested and it worked :)
  However, I have a problem in reverse proxy base on path.
  The scenario is below
  I have an J2EE application that needs to be deployed in three different environment (production, training, testing). It
  is the same application for three environments, so I want them to have the same context-root. I want to use Sun Web Server 7.0 to reverse proxy to the application in each environment based on path, not URL redirect. Example of URL are shown below
  https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
  https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /app)
  https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /app)
  So far, it works if I set context-root of the application in each environment differently
  https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
  https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /training/app)
  https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /testing/app)
  I am wandering whether there is a solution with Sun Web Server 7 that I can use to achieve reverse proxy of the same application in different environments without having to modifying context-root for each environment and use URL redirect?
  I was thinking about using rewriting path with reverse proxy, but I did not see this function under reverse proxy tab.
  Any ideas?

• Reverse Proxy with Sun Web Server 7 update 4

  Hi All,
  I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
  The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
  Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
  Both VS reverse proxies are congfigured exactly the same.
  Thanks,
  Stuart.

  well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
  here is a related article on how to use chunked encoding within web server 7
  http://developers.sun.com/webtier/reference/techart/chunked_req.html
  now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
  you can set log level to finest by running the following command
  /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
  /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
  http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
  (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
  thanks
  sriram

• Sun Web server 7  - Reverse proxy to different

  Hi All,
  I have following scenario:
  I have deploy my application into 2 dedicated weblogic servers, http://host1:7001/myapp and http://host2:7001/myapp. How can I configure the reverse proxy so whenever user enter the URL, webserver will forward different app server like below;
  #1 - http://abc.com >> web server will forward to http://host1:7001/myapp
  #2 - http://abc.com/controller>> web server will forward to http://host2:7001/myapp
  I follow tutorial from this link >> http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  For requirement #1 it work perfectly since i put URI = /myapp and Server URL = http://host1:7001.
  But for #2, it doesnt work since I put the URI=/controller.
  We wanted to be like http://abc.com/controller, so it will forward to second app server which difference application.
  Is it possible? or any other to do like that?
  Thanks!

  Hi Sriram,
  I'm having similar problem with atehac, the only difference is that the web server
  #1 http://domain.com/web1 >> forwarded to http://local-pc1.com:8080/
  #2 http://domain.com/web2 >> forwarded to http://local-pc2.com:8080/
  This is the setting that I've made in <vs>obj.conf :
  NameTrans fn="map" from="/web1" name="reverse-proxy-/web1" to="http:/"
  NameTrans fn="map" from="/" name="reverse-proxy-/web1" to="http:/"
  NameTrans fn="map" from="/web2" name="reverse-proxy-/web2" to="http:/"
  NameTrans fn="map" from="/" name="reverse-proxy-/web2" to="http:/"
  <Object name="reverse-proxy-/web1">
  Route fn="set-origin-server" server="http://local-pc1.com:8080"
  </Object>
  <Object name="reverse-proxy-/web2">
  Route fn="set-origin-server" server="http://local-pc2.com:8080"
  </Object>
  But the problem is local-pc2 won't be able to be accessed, while for local-pc1 will be mapped, but it omit /web1
  So it will be like http://domain.com/web1 at the beginning, but after I press enter it became like http://domain.com
  What I wish is something like http://domain.com/web1 all the way.
  Do you have any idea Sriram?
  Regards,
  Berry