Secured connections for reverse proxy 4.0 possible?

Hi,
Is there any way to have a secure https to https connection while using Sun proxy server 4.0 as a reverse?
I did the whole connect:// item with the 'connect://.*' defined in the routing table and just keep getting:
"trying to GET /testdev/, deny-service reports: denying service of connect://testserver.***.com:481/testdev/"
I tried defining it to https and get the "unable to find certificate".
I am not showing the internal destination server ever receives any traffic from the reverse proxy, and the proxy logs seem to show it is blocking it all.
So far coming in to the proxy server on an ssl https url and attempting to map it to another internal https server always fails.
Mapping the same incoming https traffic to the same internal http server works fine (that is HTTP).
So a client can hit our reverse proxy at HTTPS://reverseproxy.../testdev and get sent to an internal HTTP URL just fine.
Doing the same thing to an internal HTTPS URL fails...
Thanks much.

The CONNECT is a method meant only for Proxies
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.9
You might try searching for setting up secure reverse proxy in the docs.
The method is to map using https->http & http->https in both sides.

Similar Messages

  • SSL for Reverse Proxy, webdispatcher and EP?

    We have a setup like:
    Reverse Proxy->webdispatcher->EP
    Do we need SSL for Reverse Proxy, webdispatcher and EP?
    If so, how to do it?
    Thanks!

    You don't need SSL because of the middleware architecture. It is recommended for the obvious security reasons (protect user credentials, protect sensitive content while in transmission, etc.).
    For performance reasons, I prefer not to have SSL encryption on the EP server, but instead offload it to other hardware. Ideally that's a network appliance, but you can use the Web Dispatcher instead.
    On the other hand, you have a reverse proxy as well. In some cases the reverse proxy is configured to decrypt SSL traffic as well (e.g., to do packet inspection). If that is the case, there isn't much point in re-encrypting it before relaying to the Web Dispatcher, so that it can only decrypt it again. But if your reverse proxy is doing a "pass-through", the Web Dispatcher should decrypt it (in my opinion) to offload the EP server.

  • How to have Secure Connection for File Adapter.Pls help

    Hi All,
    For File to File Scenario
    How to have Secure Connection for File Adapter.
    Pls send links/blogs explaining this scenario.
    Regards

    hi rich
    go through these links
    FTPs connection failed - error ".. certificate rejected by ChainVerifier"
    Re: What is SFTP, FTI channels
    http://help.sap.com/saphelp_erp2005/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm
    http://help.sap.com/saphelp_erp2005/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/frameset.htm
    FTPS implementation question.
    http://help.sap.com/saphelp_nw04s/helpdata/en/43/0e16bfd7b021aee10000000a1553f6/frameset.htm
    Server certificate rejected by ChainVerifier:FTPS server(Points Guaranteed)
    /people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi
    File adapter
    thanks
    Kunaal

  • Cannot connect to Reverse Proxy

    Hi- I have what I think is a basic Lync setup, but it's basica-ally driving me crazy! What I have is:
    1 Standard Edition Server
    1 Edge Server
    1 Reverse Proxy (IIS with ARR)
    1 Office Web Apps Server
    I've followed some of the numerous how-tos to set up these boxes. My internal setup works great with no issues.
    I've worked with my security admin to get the firewall rules set up. We have SSL certs (with SANs) installed and assigned on RP and Edge. I've set up persistent routes on RP and Edge to FE server. I can telnet from Reverse Proxy to Edge and back. I've run netstat to ensure both are listening on 443. But when I run the Microsoft Connectivity Analyzer (online) results show that connection to port 443 on the server failed and says that the port is either blocked or not listening.
    Using the Lync Connectivity Analyzer (in house) shows that a connection to "Lyncdiscover.domain.com" failed.
    Any insight is greatly appreciated.
    Thanx

    Public DNS records verified. (Although I do see some posts that say to create CNAME records instead of A records (we created A records) and other posts that say it doesn't matter.)
    Rewrite rules in IIS ARR verified.
    I've triple-checked the certificate (issued by Digicert) and the simple URLs are all listed in the SAN:
    sip.domain.com, meet.domain.com, dialin.domain.com, lyncdiscover.domain.com, and officewebapps.domain.com
    Here's the error generated by the LCA:
    An error occurred while sending the request.
    Unable to connect to the remote server
    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond [xx.xxx.xxx.xxx]:443
    If I try to open the Default Web Site from the server, I'm first presented with "There is a problem with this website's security certificate. The security certificate presented by this website was issued for a different website's address" message.
    Clicking on "continue to this website" I get a "403-Forbidden" error. I read in another post that this message was as expected.
    Trying to connect to lyncdiscover.domain.com from a browser on the RP returns a "Server not found". [This leads me to believe that the request is not getting through the firewall]. Attempts to access the simple URLs returns a "This page cannot be displayed"
    All services work internally...
    More telnet testing: As previously posted, I CAN telnet between RP and Edge (external IPs) but CANNOT telnet to public IP of RP on 443
    A similar issue with the Edge Server: netstat shows 0.0.0.0:443 listening but cannot connect via telnet to public IP on 443
    RELATED QUESTION: Do I need the SANs included on my internal cert, too?
    Thanx
    SteveSmo
    "Never, ever doubt what nobody is sure about." -Willy Wonka

  • Securing a WCCP reverse-proxy Content Engine

    I have been implementing a reverse-proxy solution for a client using WCCP and a CE500 series.
    Testing all went fine. Days before going live we experienced a problem: the CE was an open proxy that was allowing parties on the internet to proxy through it - effectively destroying our Internet link.
    I had to use a combination of ACLs on our routers etc... to stop the attempts and have now configured regex rules to only permit the domain and the ip addresses hosted by this reverse proxy. This seems to work somewhat, but I still see some connections in the logs to sites not protected by the CE.
    Anyone got any ideas/guidelines or have any information on securely implementing a CE?

    Hi,
    I'm using software version 2.51, this is the newest software supported by Cache Engine 505.
    My firewall is permitted any traffic between the router and the Cache.
    It's very strange, because the Router discovers the Cache using WCCP; at the command "show ip wccp web-cache", for example, the "redirect" packets counter is incrementing, but it isn't working.
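A log check for the open-proxy problem described in the thread above, as an added example that is not part of the original posts: it extracts the host each request asks the proxy to reach and flags any that the reverse proxy does not front. The allowlist values, the simplified log layout and the function names are assumptions made for illustration; this is not the Content Engine's native log format or rule syntax.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only site and address this reverse proxy fronts (assumed values).
ALLOWED_HOSTS = {"www.example.com"}
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed access-log lines in a simplified "client method target status" layout.
SAMPLE_LOG = """\
198.51.100.7 GET http://www.example.com/index.html 200
198.51.100.9 GET http://WWW.EXAMPLE.COM.:80/news 200
203.0.113.5 GET http://192.0.2.10/status 200
203.0.113.5 GET http://www.example.com.other.test/ 200
203.0.113.8 GET http://www.example.com@other.test/ 200
203.0.113.9 CONNECT mail.other.test:25 200
203.0.113.9 GET /local/path 200
"""


def target_host(method, target):
    """Return the normalized host a request asks the proxy to reach, or None."""
    if method == "CONNECT":
        target = "//" + target       # authority-form (host:port)
    elif "://" not in target:
        return None                  # origin-form: the host is in the Host header, not logged here
    host = urlsplit(target).hostname  # lowercases, drops userinfo and port
    return host.rstrip(".") if host else None


def is_allowed(host):
    """Exact hostname match, or an IP literal inside an allowed network."""
    if host in ALLOWED_HOSTS:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                 # a name that is not on the allowlist
    return any(addr in net for net in ALLOWED_NETS)


def find_open_proxy_use(log_text):
    """Return (client, method, host) for each request to a host the proxy does not front."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed lines
        client, method, target, _status = parts
        host = target_host(method, target)
        if host is not None and not is_allowed(host):
            findings.append((client, method, host))
    return findings


if __name__ == "__main__":
    for finding in find_open_proxy_use(SAMPLE_LOG):
        print(finding)
```

Matching the parsed host exactly, rather than searching the raw URL for the protected name, is what keeps look-alike targets such as `www.example.com.other.test` and `www.example.com@other.test` from passing.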

  • Need in depth knowledge about Certificate request and install for Reverse proxy and CAS role

    Hi,
    I have few confusions about Exchange 2010/13 certificate request and install. As per my understanding best practice is to assign public CA certificate to Reverse proxy and Local CA certificate to CAS servers but need to know that what should be the format of certificate request? Do we need to order public certificate just for mail.domain.com and add SAN for other web services URLs and is it required to add CAS array and server names to this certificate? In what case we will add server names and what will happen if we don't add in it? How the outlook clients connecting from internet will be using this certificate? I have very limited knowledge in certificates and it always pisses me off. Please help me with explanations and articles. I tried to google and gone through many articles but didn't get a fair idea. Thanks in advance. :)

    Hi,
    Here are my answers you can refer to:
    1. Use the New-ExchangeCertificate cmdlet to generate a new certificate request:
    New-ExchangeCertificate -DomainName mail.domain.com, autodiscover.domain.com -GenerateRequest:$true -KeySize 1024 -Path "c:\Certificates\xxxx.req" -PrivateKeyExportable:$true -SubjectName "c=US, o=domain.com, CN=server.domain.com"
    2. CAS array name doesn’t need to be added in the certificate:
    http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
    3. It depends on the situation that you configured to add the server name.
    4. Outlook clients use certificate for authentication.
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • How to Install Apache 2.x with ssl on solaris 8/9 for reverse proxy

    Hi,
    I need to install Apache 2.x on solaris , along with mod_ssl and openssl . I am not sure where to find the required version for solaris and also where to find openssl and mod_ssl for installation for 2.x.
    I need this for configuring reverse proxy pointing to the Portal.

    Harish,
    I think, I don't get your problem...
    the files are available at http://www.apache.org (binaries and source)
    http://www.artfiles.org/apache.org/httpd/binaries/solaris/
    openssl at http://www.openssl.org
    mod_ssl at http://www.modssl.org
    kr, achim

  • HT2497 secure connection for software updates

    Several days ago, I began to do a software update to see if there are any updates for the OS. I have done this many times over many years. When I began an OS software update several days ago, I got a message that said, more or less, that a secure connection could not be established or verified. My computer asked me if I wanted to proceed anyway. I did not proceed. I had never before gotten such a notice. A few days later, when I tried to make an SFTP connection completely unrelated to Apple, I got essentially the same notice and question. What causes these notices? Is this connection problem caused by a cracker, my computer, something wrong I did, the phone company, my ISP, or some other source? Can I identify the cause or stop the problem? Is there a security problem? If so, what's causing it?
    The problem is stated above.  Below, I give information which may be related.
    In the Users and Groups preference panel which one sees when one creates a new user, there is no set of alternate images shown to the administrator.  The new user automatically is given a log in image but the administrator is not shown a set of alternate images from which he may choose one.  The images are in folders in root/Library/User Pictures but the images are not automatically shown to the administrator.  When a new user is created, an image is automatically assigned to him.  If one clicks that image, one sees three words:  Defaults, Recents, Camera.  Below those words, one sees "No Items".  Two users have been given the same image.  I think that this is evidence that my OS may be from a source other than Apple.  I bought the computer with Lion.  I downloaded Mountain Lion for free in the standard way over the Internet but it is conceivable that it did not really come from Apple, I suppose.  I post this message because of the insecure connection problem which so far has occurred twice, once involving Mac OS software update.

    Did you get it through the Mac App Store?
    Or, did you get it from some other source on the internet?

  • SMP 3.0 (using Agentry): Requirements for Reverse Proxy

    All.
    We are in the process of designing our landscape for SMP 3.0, where we will expose Agentry functionality, and are currently looking at the Reverse Proxy technology to use.
    From the document
    Common Requirements for Reverse Proxies - Landscape Planning and Design - SAP Library
    it is stated that any reverse proxy used:
    Does not remove any HTTP headers.
    Sets a timeout period, if used, that is greater than the timeout used by the clients.
    Is this all the requirements that must be fulfilled for a reverse proxy ?
    We are looking into installing a common Reverse Proxy technology, that can handle reverse proxy requirements for multiple platforms.
    Hence I need to specify the requirements, in relation to SMP, for this technology.
    I hope someone can help.
    Thanks.
    Søren Hansen.

    Thanks Bill and Steve.
    I got it now - for Agentry support we need WebSockets.
    What about everything else on SMP 3.0 ?
    From this document:
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/200d7500-2605-3210-9d91-a24cfb6523ba?QuickLink=index&…
    it is stated on page 4 that different technologies need different platforms.
    Application          Reverse Proxy
    Native                 Apache
    Hybrid                 Apache
    Agentry               Nginx
    MBO                   RelayServer
    Is there no one Reverse Proxy platform that can act for all application types in front of SMP 3.0 ?
    And what should the entire list of demands be ?
    Søren Hansen

  • Apache installation for reverse proxy in linux for portal

    dear all,
    can you please guide me where to download the openssl apache for linux for the reverse proxy
    regards
    revanth

    Google is your friend...
    It will take 15 seconds !
    Regards,
    Olivier

  • Changing URL path or prefix for Java Systems for Reverse Proxying

    I am running an Apache Reverse Proxy for multiple systems including Enterprise Portal and GRC.  Unfortunately, the two systems share the same directory structure (e.g. /webdynpro, /images, /logon, /useradmin, /VC).  The reverse proxy won't be able to differentiate URLs for the two systems.
    I want to add a prefix (e.g. /grc/webdynpro) or change the URL directories (e.g. /grcwebdynpro) for Portal or GRC.  How can I do this?

    Thank you for the reply, but could you explain?  It seems like this wiki is suggesting how to change the default port and start URL and how to configure reverse proxies in general.  It doesn't seem to answer the specific question that I have.
    I need to add or modify the URL so that it is unique to the reverse proxy.  For example, EP and GRC both use /webdynpro.  I would like one of them to use a completely different structure (e.g. /grc/webdynpro) so that the reverse proxy can differentiate requests to different hosts.
    The reason why changing the Start URL doesn't seem like the answer is because the fundamental directory structure is still the same.  The reverse proxy won't be able to differentiate the different requests because of this.
    I am looking for some kind of configuration that lets me add a prefix to the entire web application server.  Is anyone aware of this configuration or know of an alternative solution?

  • Adding Expired heading with static value for reverse proxy

    I'd like to add an Expired heading to a response leaving a reverse proxy to make sure that the browser will not cache the file locally (or at least attempt to prevent it).
    Is this possible with SWP? I cannot find out how to do this in the admin interface at least. I'm running 4.0.5 B04
    thanx,

  • Error While connecting for ABAP Proxy

    Hi All,
    I am getting the connection error while creating the proxy connection from PI server to R3 System. I have checked the SLD configuration but did not find any wrong parameters there.
    I am getting the below error.
    "Error while reading ID of own business system from the SLD for system UDX and client 200", Also the software component of PI box is not getting reflected in SPROXY transaction of R3 system

    Hi,
    Do you see RFC created for /rep of desired PI system? This could be potential issue in your case:
    Please check this:
    In order to connect to an ESR, you have to maintain the RFC destination "SAP_PROXY_ESR". This RFC destination will then be used by proxy generation / Transaction SPROXY. It has to be set up using transaction SM59 and should look like this:
    RFC Destination: SAP_PROXY_ESR
    Connection Type: G  (HTTP Connection to External Serv)
    Description1: ESR for Proxy Generation
    Target Host: esr_host
    Service No: 1080
    Path Prefix: /rep
    Logon and Security:
    Basic Authentication: active
    User: esr_user
    Password: esr_password
    Regards,
    Ashutosh

  • Secure Connection for Mail in ColdFusion

    Hi,
    Can anyone help me out on this:
    I wished to know as to how can we configure the SSL with respect to Mail (Enable SSL socket connections to mail server ), in Cold Fusion 7.
    As the Admin of the same is not having the above mentioned Check Box to do so. The same is present in for higher version of Cold Fusion (i.e. ColdFusion 8.0.1)
    Waiting to hear
    Thanks
    Simar

    Google this: Cfmail Gmail, and you'll find a good tutorial on how to enable SSL programmatically.
    Sincerely,
    Michael

  • UrlRewrite for reverse proxy on IIS

    Hi,
    I have a situation where I need to host node server behind IIS on the same machine. I wanted to create an application under the Default Web Site in IIS running on ports 80. I want the application to reroute the urls to the node server listening on port say 3000. I tried using the Urlrewrite to create a reverseproxy rule to send all the requests to the node server. I am facing problems trying to load the static files. I tried different Urlrewrite pattern matches but could not get this to work. Can someone suggest me what would be the best way to configure the urlrewrites so that have the routes sent to the node server while the static files loaded from where my IIS application is pointed to?
    Example: http://mysite.com/webapp -> load static files
    http://mysite.com/webapp -> reroute the routes to http://mysite.com:3000

    Hello Victor1124,
    This forum is for Microsoft Small Basic program language. It would be better to ask your question in http://forums.iis.net/ .
    Thanks.
    Nonki Takahashi
