Reverse proxy with apache2

Similar Messages

• IIS Reverse Proxy with URL rewrite.

  Hi all, hoping to leverage the wealth of knowledge contained here.
  Any assistance would be very welcome.
  I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
  I need to redirect all requests with a specific virtual directory suffix only.
  ie; https://domain.test.com/outbound/Content/query_etc
  With /Outbound/ being the trigger.
  This should be redirected to http://10.10.10.10/inbound/Content/query_etc
  While at the same time, requests without the /outbound/ suffix should be handled locally.
  I have configured the reverse proxy as described in a few articles, and have had no luck.
  Here's a snippet from my (sanitized) web.config at the site level.
  <rewrite>
  <outboundRules>
  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
  <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
  <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
  </rule>
  <preConditions>
  <preCondition name="ResponseIsHtml1">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
  </preCondition>
  </preConditions>
  </outboundRules>
  <rules>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="^outbound/(.*)" />
  <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
  </rule>
  </rules>
  </rewrite>
  To me, this looks correct, yet it doesn't work.
  With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

  Hi Andrew,
  Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
  By using URL Rewrite Module together with
  Application Request Routing module you can have IIS 7 act as a
  reverse proxy.
  It seems like URL Rewrite can't re-route the request somewhere else out of the server.
  Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
  Hosting multiple domain names under a single account using URL Rewrite.
  It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
  References:
  How to create a url alias using IIS URL Rewrite:
  http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
  Reverse Proxy with URL Rewrite v2 and Application Request Routing:
  http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Apache Reverse Proxy with Abap Web query

  Hi to all
    We are trying to configure apache 2 to work as a reverse proxy with web abap Netweaver installation.
  From inside the network the web query is fine.
  Running the query with the reverse proxy we have only the html code in the browser. All the scripts and css are not present.
  We checked some messages inside the forum and we have tried a lot of stuff without success.
  We use always linux (Fedora, Ubuntu with xampp or apache only) plus the html module or the publisher from http://apache.webthing.com.
  Our installation is like this the reverse proxy in the dmz and the netweaver to the inside off coarse, and we don't have the same domain name, i don't know if this is important.
  Any help/idea  is valuable.
  Thank you
  Yiannis

  Hi Olivier
  I have seen your solution in other messages but i didn't try it because i was trying to work with the html_proxy module.
  I read the documents you gave me plus some apache tutorials on the rewrite rule.
  In any case i have my installation working now.
  I did some extra changes in my config so now the rules are like that
  ProxyVia On
  ProxyBadHeader IsError
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass /sap http://192.168.1.59:8001/sap
  ProxyPassReverse /sap http://192.168.1.59:8001/sap
  RewriteEngine On
  RewriteRule ^/(sap\(.*) http://192.168.1.59:8001/$1 [P,L]
  Thanks again for your help
  Yiannis

• CSM-S to Servers... Reverse proxy with authentication?

  Using a CSM-S with a number of web servers behind it, can the CSM-S be configured to act as a reverse proxy for the servers with no other equipment or licenses to buy?

  Reverse proxy with authentication.

• Reverse Proxy with Sun Web Server 7 update 4

  Hi All,
  I've just migrating to Sun Java System Web Server 7.0U4 B12/02/2008 from Sun Java System Web Server 7.0-Technology-Preview-3 B09/13/2006. I've have the two web servers running side by side on separate machines. Both have a VS configured as a reverse proxy pointing to the same apache tomcat web server.
  The Tech Preview 3 server works fine and has been doing since it was installed. However the Update 4 server doesn't. I can access the tomcat app via the U4 server in a browser, but not with the app on my mobile (sync ML). Snooping the traffic show me that the U4 server is sending a different response that the Tech Preview server. I'm thinking it may have to do with Transfer Encoding: chunked. I've looked around the web to see if I can turn this off in the U4 server, as I seem to recall having to do so at some point in my life, though I can't remember when and with what.
  Does anybody have any clues they can throw at me?? Or anybody know what has change in the reverse proxy part of the web server from Tech Preview 3 to U4??
  Both VS reverse proxies are congfigured exactly the same.
  Thanks,
  Stuart.

  well, technology preview is what the name says .. i am surprised that u decided to stick with a technology preview release all these days.. in any case, there should not have any feature change between technology preview build and U4. but , there has been lot of bug fixes - so, unless we know the exact problem - we can't easily narrow down the change between tp3 build with U4 and find out how it is affecting u.
  here is a related article on how to use chunked encoding within web server 7
  http://developers.sun.com/webtier/reference/techart/chunked_req.html
  now, to help you more appropriately, you need to provide us with errors (probably with log level set to finest within server.xml) and let us know with the error reported by web server when it is unable to send those requests to back end tomcat
  you can set log level to finest by running the following command
  /sun/webserver7/bin/wadm set-config-prop -user=admin --config=<hostname> log-level=finest
  /sun/webserver7/bin/wadm deploy-config --user=admin <hostname>
  http://docs.sun.com/app/docs/doc/820-4842/set-config-prop-1?a=view
  (once you have identified the problem, you might want to set log level to info as setting to finest will cause your logs to grow humongous and also hurt performance
  thanks
  sriram

• Apache Reverse proxy with SSL

  Hi,
  I'm trying to install Apache Reverse proxy which will support both HTTP and HTTPS request.
  <b>What do I need to activate to support the HTTPS requests?</b>
  I installed Apache 2.0.53 Released and trying to activate the mod_ssl.
  From Where can I get the mod_ssl.so?
  I saw that there are 2 projects:
  Apache Interface to OpenSSL (mod_ssl)
  Apache-SSL
  Do I need to use them in case I want to use HTTPs?
  Regards,
  Yael

  Get the latest oppenssl compile it. before you compile apache, execute ./configure --help in the apache directory. It will give you the commands that you need to use to activate and deactivate various things in apache.
  mine is as follows:
  ./configure --with-layout=GNU --enable-proxy --enable-ssl --with-ssl=/usr/lo
  cal/src/apachessl/openssl-0.9.7f/ --enable-vhost-alias --enable-rewrite --enable
  -so --enable-proxy-http --enable-proxy-connect --enable- headers
  then make and make install.
  hope it helps.
  Jai

• Reverse Proxy with Firewall on Portal R2

  We are trying to configure Oracle Portal R2 in the reverse proxy mode. We have a Sun Enterprise 250 used in a single machine configuration. (Infr. and Mid tier on same machine)
  The webcache server is listening on server.company.com:7781
  The portal server is listening on server.company.com:7782
  The login server is listening on server.company.com:7780
  The proxy server is listening on www.company.com:81
  According to the Oracle Portal Config Guide we have followed the steps to configure Apache (inclusion of the virtual hosts, etc) and run the ptlasst script to reconfigure portal. While portal responds correctly on www.company.com:81 when i try to log on using the login link I get redirected to server.company.com:7780/...
  Obviously everything seems to be ok from within the LAN since i can see server.company.com, but via internet it doesnt work.
  Here is how we run the script:
  ./ptlasst.csh -mode MIDTIER -host www.company.com -port 81 -chost server.company.com -cport_i 4007 -i custom -c server.company.com:1521:iasdb -pwd xxxxxx
  How can we correct this problem? Do we need to run any other script?

  Hi Suraj,
  The following is the problem.
  We have Sun Enterprise 450 on which Oracle 9iAS Release 2 installed and we are trying to use reverse proxy plugin with iplanet, being installed on windows machine. In the hosts file i have mentioned the following required parameters ie.,
  oproxy.serverlist=ias1
  oproxy.ias1.hostname=http://192.168.1.12 - where Oracle 9iAS is installed
  oproxy.ias1.port=7779
  oproxy.ias1.urlrule=/*
  oproxy.ias1.alias=http://myoracleportal.peesh.com
  oproxy.ias1.stripcontext=false
  and whenever i restart iplanet server after this, here is the following log information.
  06/26/2002 11:57:52 AM: [op_nsapi_plugin.c (296)]: op_init: log_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/logs/oproxy.log server_file=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf
  06/26/2002 11:57:52 AM: [op_uri_map.c (128)]: Into op_uri_map_t::uri_map_alloc
  06/26/2002 11:57:52 AM: [op_uri_map.c (162)]: Into op_uri_map_t::uri_map_open
  06/26/2002 11:57:52 AM: [op_worker_list.c (37)]: op_worker_list_init: propfile=e:/iPlanet/https-pncl-hcl028-053.pinnacle.com/config/servers/oracleProxyPluginInfo.conf p=0x00DC8828 l=0x00DBDA70
  06/26/2002 11:57:52 AM: [op_worker_list.c (45)]: op_worker_list_init: numservers=1
  06/26/2002 11:57:52 AM: [op_worker_list.c (57)]: op_worker_list_init: inside loop, serverlist[0]=ias1
  06/26/2002 11:57:52 AM: [op_worker_list.c (73)]: op_worker_list_init: hostname=http://192.168.1.12
  06/26/2002 11:57:52 AM: [op_worker_list.c (82)]: op_worker_list_init: port=7779
  06/26/2002 11:57:53 AM: [op_uri_map.c (192)]: op_uri_map_t::uri_map_open, rule map size is 0
  06/26/2002 11:57:53 AM: [op_uri_map.c (325)]: op_uri_map_t::uri_map_open, done
  06/26/2002 11:57:53 AM: [op_nsapi_plugin.c (304)]: op_init: exiting
  I have a feeling that "oracle_proxy_nes.dll" maintains all the .conf file information in a stack, whose size is 0.
  pls see interpret this log the way you see.
  thanks in advance,
  gupta

• Sophos Firewall\Reverse Proxy With Lync 2013

  We currently have Lync 2013 deployed internally and working like a champ for about 5 months now. We are in the process of trying to get this rolled out externally and running into issues.
  It seems we have the ports opened up properly but the MS remote connectivity analyzer comes back with certificate error "The certificate couldn't be validated because SSL negotiation wasn't successful.
  I'm pretty certain our certificates are correct for the external edge server and the external firewall\Reverse proxy. From the Lync planning tool we have been following it and so far successful until the certificates. The certificates tool shows we should
  have the following certs assigned: (keep in mind we have 2 separate certificates assigned)
  Edge Server External
  Subject name: lyncaccess.domain.com
  SAN:webcon.domain.com and sip.domain.com
  Reverse Proxy:
  rp0100.domain.com (reverse proxy FQDN does resolve)
  SAN: dialin.domain.com, meet.domain.com, and temwac.domain.com (office web apps server)
  We requested the certificates from Go daddy and have them installed and the SANs are in there correct. The connectivity analyzer is able to get to our server using autodiscover over port 443, we see the traffic come in through the firewall and nothing is
  blocked just the certificate could not be validated.
  Has anyone deployed Lync using the Sophos UTM as a reverse Proxy any other ideas as to what we are missing with these certificates?
  The certificate couldn't be validated because SSL negotiation wasn't successful.
  The certificate couldn't be validated because SSL negotiation wasn't successful.

  lyncdiscover.domain.com does not resolve. Discovery is working fine through the connectivity analyzer. We actually figured that part out about the SSL. It seems we had the firewall and Reverse proxy rules in place on the Sophos appliance but the firewall
  rules leaving the edge server were being blocked. It took us about 1.5 days to figure that part out.
  The connectivity analyzer now is able to authenticate the certificates successfully. Of course it wouldn't be a Lync roll out without the next issue coming up.
  The next issue we have is the connectivity analyzer reaching the AV service. Which we are going to assume is a routing issue as well and are currently troubleshooting it:
  Couldn't sign in. Error: Error Message: The endpoint was unable to register. See the ErrorCode for specific reason..
  Error Type: RegisterException.
  Deregister Reason: None.
  Response Code: 504.
  Response Text: Server time-out.
  http://social.technet.microsoft.com/Forums/lync/en-US/f95c47cc-f8eb-4646-bdac-6c7244b26ff1/couldnt-sign-in-error-error-message-the-endpoint-was-unable-to-register-new-deployment?forum=ocsplanningdeployment
  Wish me luck.

• Reverse Proxy with Coldfusion 8

  Has anyone set up Sun Java Web Server 7 to reverse proxy Coldfusion 8 (also running under SJWS7)? I can reverse proxy static HTML and SHTML content with SJWS7, but not Coldfusion content.
  Thanks in advance for any help, tips, etc.
  --Frank                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  Thanks for replying, MV -- I've been out for a while -- sorry for the delay. Below are obj.conf and <vs> obj.conf:
  obj.conf
  # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # You can edit this file, but comments and formatting changes # might be lost when you use the administration GUI or CLI.
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index-j2ee"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  ObjectType fn="type-j2ee"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="send-precompressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  wwwproxy-obj.conf
  # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # You can edit this file, but comments and formatting changes # might be lost when you use the administration GUI or CLI.
  <Object name="default">
  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  NameTrans fn="ntrans-j2ee" name="j2ee"
  NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
  NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/"
  PathCheck fn="uri-clean"
  PathCheck fn="check-acl" acl="default"
  PathCheck fn="find-pathinfo"
  PathCheck fn="find-index-j2ee"
  PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
  ObjectType fn="type-j2ee"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
  Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
  Service method="TRACE" fn="service-trace"
  Error fn="error-j2ee"
  AddLog fn="flex-log"
  </Object>
  <Object name="j2ee">
  Service fn="service-j2ee" method="*"
  </Object>
  <Object name="es-internal">
  PathCheck fn="check-acl" acl="es-internal"
  </Object>
  <Object name="cgi">
  ObjectType fn="force-type" type="magnus-internal/cgi"
  Service fn="send-cgi"
  </Object>
  <Object name="send-precompressed">
  PathCheck fn="find-compressed"
  </Object>
  <Object name="compress-on-demand">
  Output fn="insert-filter" filter="http-compression"
  </Object>
  <Object name="reverse-proxy-/">
  Route fn="set-origin-server" server="www.water.ca.gov"
  </Object>
  <Object ppath="http:*">
  Service fn="proxy-retrieve" method="*"
  </Object>

• RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN

  Hi there,
  I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to it's AD requirements etc).
  What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
  Thanks,
  Paul.

  Hi Paul,
  It is generally considered more secure to have a reverse proxy in front of RDG.  I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP.  Whether
  or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies.  Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method
  to provide an extra layer of protection.
  -TP

• Sun One 6.1 reverse proxy with multiple certs

  We are using Sun One Web Server 6.1sp6 as a reverse proxy without the passthrough plugin. We also have multiple certs and not a global cert and what we are seeing is the data getting "staged" on the web server before moving on to the destination (which obviously halves throughput). Some research tells us that this staging is happening because it needs to re-encrypt the packets for the next cert.
  Is there any way besides having a global cert that we can get around this? Would using the passthrough plugin help?
  Thanks,
  Don

  The thing is that it apparently doesn't do it on the fly, which is why I was wondering if the passthrough plug in would help. In other words, if I am sending a 10mb file through to the destination server (there's a weblogic server on the back end with a different cert that I want to do the real processing), the web server waits until it gets all 10mb then resends it. Seems it should do the encrypt/decrypt on a packet level to me.
  As far as the config, I didn't set it up, I'm just trying to get it to work :)
  Here are the configs, if it would help. If there's something set up wrong here, please feel free to point it out!
  Thanks,
  Don
  magnus.conf
  # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
  # They will not be supported in future releases of the Web Server.
  NetsiteRoot /iplanet/servers
  ServerName rpserver.testdomain.com
  ServerID https-rpserver.testdomain.com
  RqThrottle 256
  DNS off
  Security on
  PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
  User iplanet1
  StackSize 131072
  TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
  PostThreadsEarly off
  KernelThreads off
  ChunkedRequestBufferSize 0
  LogVerbose on
  LogVsId off
  AsyncDNS off
  KeepAliveTimeout 10
  UseNativePoll on
  Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
  Init fn="wl_init"
  Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
  Init fn="stats-init" profiling="on"
  obj.conf
  # The NetsiteRoot, ServerName, and ServerID directives are DEPRECATED.
  # They will not be supported in future releases of the Web Server.
  NetsiteRoot /iplanet/servers
  ServerName rpserver.testdomain.com
  ServerID https-rpserver.testdomain.com
  RqThrottle 256
  DNS off
  Security on
  PidLog /iplanet/servers/https-rpserver.testdomain.com/logs/pid
  User iplanet1
  StackSize 131072
  TempDir /tmp/https-rpserver.testdomain.com-a9dd9515
  PostThreadsEarly off
  KernelThreads off
  ChunkedRequestBufferSize 0
  LogVerbose on
  LogVsId off
  AsyncDNS off
  KeepAliveTimeout 10
  UseNativePoll on
  Init fn="load-modules" funcs="wl_proxy,wl_init" shlib=/iplanet/servers/plugins/nsapi/wls923/libproxy128_61.so
  Init fn="wl_init"
  Init fn="load-modules" shlib="/iplanet/servers/bin/https/lib/libj2eeplugin.so" shlib_flags="(global|now)"
  Init fn="stats-init" profiling="on"
  server.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!--
  Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
  -->
  <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///iplanet/servers/bin/https/dtds/sun-web-server_6_1.dtd">
  <SERVER qosactive="false">
  <PROPERTY name="docroot" value="/iplanet/servers/docs"/>
  <PROPERTY name="accesslog" value="/iplanet/servers/https-rpserver.testdomain.com/logs/access"/>
  <PROPERTY name="user" value=""/>
  <PROPERTY name="group" value=""/>
  <PROPERTY name="chroot" value=""/>
  <PROPERTY name="dir" value=""/>
  <PROPERTY name="nice" value=""/>
  <LS id="ls1" port="443" servername="rpserver.testdomain.com" defaultvs="https-rpserver.testdomain.com" security="on" ip="any" blocking="false" acceptorthreads="2">
  <SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="-rc4,-rc4export,-rc2,-rc2export,-desede3,-des" ssl3="on" tls="on" ssl3tlsciphers="-rsa_rc4_128_sha,+rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,+rsa_3des_sha,+rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,-rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,+fips_3des_sha,-fips_des_sha" tlsrollback="on" clientauth="off"/>
  </LS>
  <MIME id="mime1" file="mime.types"/>
  <ACLFILE id="acl1" file="/iplanet/servers/httpacl/generated.https-rpserver.testdomain.com.acl"/>
  <VSCLASS id="vsclass1" objectfile="obj.conf" rootobject="default" acceptlanguage="false">
  <VS id="https-rpserver.testdomain.com" connections="ls1" mime="mime1" aclids="acl1" urlhosts="rpserver.testdomain.com" state="on">
  <PROPERTY name="docroot" value="/iplanet/servers/docs"/>
  <USERDB id="default"/>
  <SEARCH>
  <WEBAPP uri="/search" path="/iplanet/servers/bin/https/webapps/search" enabled="true"/>
  </SEARCH>
  </VS>
  </VSCLASS>
  <JAVA javahome="/iplanet/servers/bin/https/jdk" serverclasspath="/iplanet/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/iplanet/servers/bin/https/jar/webserv-ext.jar:/iplanet/servers/bin/https/jar/webserv-jstl.jar:/iplanet/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" nativelibrarypathprefix="" debug="false" debugoptions="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n" dynamicreloadinterval="-1">
  <JVMOPTIONS>-Djava.security.auth.login.config=/iplanet/servers/https-rpserver.testdomain.com/config/login.conf</JVMOPTIONS>
  <JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
  <JVMOPTIONS>-Xmx256m</JVMOPTIONS>
  <SECURITY defaultrealm="native" anonymousrole="ANYONE" audit="false">
  <AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
  <PROPERTY name="file" value="/iplanet/servers/https-rpserver.testdomain.com/config/keyfile"/>
  <PROPERTY name="jaas-context" value="fileRealm"/>
  </AUTHREALM>
  <AUTHREALM name="native" classname="com.iplanet.ias.security.auth.realm.webcore.NativeRealm">
  <PROPERTY name="jaas-context" value="nativeRealm"/>
  </AUTHREALM>
  <AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
  <PROPERTY name="directory" value="ldap://localhost:389"/>
  <PROPERTY name="base-dn" value="o=isp"/>
  <PROPERTY name="jaas-context" value="ldapRealm"/>
  </AUTHREALM>
  </SECURITY>
  <RESOURCES/>
  </JAVA>
  <LOG file="/iplanet/servers/https-rpserver.testdomain.com/logs/errors" loglevel="info" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
  </SERVER>

• Applet does not load using java 1.5 through reverse proxy with certific...

  Hi,
  we have the following problem:
  When using java 1.5 in our browser, our applet does not load. Using java 1.4.2 it works. It also works using java 1.5.0 using another reverse proxy.
  The differences between the 2 reverse proxies (one works, one works not) we use is that the one through which the applet does not load has a certificate installed that is not for its hostname. Can this be the reason the applet does not load? Where can I find information about the sandbox of java 1.5.0 concerning these issues. Are there any docs of the security restrictions imposed by java 1.5.0 sandbox?
  Greetings,
  Tim

  Ok,
  the solution to this specific problem was a misconfigured reverse dns lookup.
  Greets,
  Tim

• Border manager as reverse proxy with Sharepoint 2007

  hello
  need to implement an extranet based solution of Windows Sharepoint 2007, clients may need to traverse a BM reverse proxy server in order to hit the sharepoint environment. have a few questions
  1. does it work well? or at all?
  2. is the SSL session from the client terminated at the BM level
  3. will be using SSL, can i install certs at the BM level for the site?
  any other tips??

  Originally Posted by phxazcraig
  In article <[email protected]>, Gwelsh123 wrote:
  > 1. does it work well? or at all?
  Should work.
  > 2. is the SSL session from the client terminated at the BM level
  Yes, if you use proxy, sessions are always between client and proxy,
  and another session between proxy and origin server.
  > 3. will be using SSL, can i install certs at the BM level for the
  > site?
  I'm not quite sure what you mean. If you want to encrypt the data, I
  think you would be best off doing a generic tcp proxy for port 443, and
  have the cert on the endpoint (sharepoint) server, but perhaps that
  would give cert errors due to the addressing.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
  Im sure when using ISA as the reverse proxy, you install the SSL certs on the ISA box, and then you can use an internally generated cert on the web servers.
  I also read somewhere that BM dosent support webdav?
  do novell provide any documentation on this sort of configuration
  we have a BM server already, there is an external firewall which forwards traffic to various websites to a specific port on the BM server, which then proxies the requests internall. it dosent seem particularly smart, more like a glorified port forwarder?

• DMZ with reverse proxy

  Hi All,
  I am trying to configure DMZ.
  But I am having only one node for apache.
  So I thought of configuring DMZ using Reverse Proxy with no External node.
  But I am bit confused with configuration of Reverse Proxy using the apache shipped with E-business
  My current archecture like:
  Node 1 : Apache ,Forms and MWA
  Node 2 : CM and DB
  OS : AIX 5.3
  Version : 11.5.10.2
  DB : 10.2.0.4
  1.Will there be 2 apache process running as applmgr on node1(one for external and other for internal)
  2.Will there be 2 context files in node1 (one for external and other for internale)
  3.How to configure 2 Server name for node1
  Thanks in advance

  Hi,
  Did you review (Note: 438744.1 - Case History: Implementing a Reverse Proxy Alone in a DMZ Configuration - 11i)?
  Regards,
  Hussein

• Cert auth with a SWS7 reverse-proxy in the way

  We are planning to try authenticating Access Manager 7.1 (Portal, Messaging Server) users with a certificate module so they don't have to enter usernames and passwords all the time.
  By architecture of the project, there are internal servers (actual AM, Portal, etc hosts in cluster config) in the internal LAN, and a Sun Web Server 7 in the DMZ acting as a load-balancer and reverse proxy which can filter some HTTP code if we need it to. This works okay for usual HTTP sessions.
  I have vague ideas how would this NOT break HTTPS sessions concerning the user cert auth module, but I have little to no practice with it.
  I would like to know whether we can offload SSL decoding to the Sun Web Server acting as a reverse proxy (with i.e. Niagara hardware for SSL acceleration) and pass/use the user's certificate information to an internal Access Manager host for user authentication, or are we stuck with TCP port-forwarding from internet straight to the internal hosts on the firewall or some hardware LB?
  Port-forwarding is not good because of security concerns, and in this case it seems we'd have to make several listening ports, one for each backend application, instead of publishing one standard 443 port on the rev-proxy...
  Perhaps there are ways to allow the Web Server to decode HTTPS handshake, determine the destination backend host, and pass the original HTTPS packets to it? Which server certificates would be in effect in such case, or should they be the same on front and backend hosts?
  Perhaps we should set up some AM component for the frontend hosts (I've seen keywords about Distributed Access Manager, but didn't research it yet)?
  Any other good ideas? :)

  Got the rever proxy to work.  Below are the field values in the reverse proxy setting that has worked:
  Reverse proxy name: <any name>
  Incoming http header host name: server1.domain..company.com (get it from the end-point in WSDL) 
  Incoming ICM port: port (get it from the end-point in WSDL)
  Substitute host name: server2.domain..company.com (has to be FQDN)
  Substitute http port: 80 (in my case)
  Substitute https port: (blank)
  Additional path prefix: (blank)
  Meta data protocol subsitution: http
  Endpoint protocol subsitution: http
  Status: active