Simple URLs only on reverse proxy?

Hello all,
Is there any big impact of having DNS entries for the simple URLs only pointing to the reverse proxy (including for internal clients)? In particular for the meet URL? Would that change the traffic flow for internal users in conferences?
In my situation we don't have split-brain DNS; we have a trick to hide DNS records from external users so automatic sign-in is fine, but we cannot have one IP for internal and a different one for external for the same FQDN. That is why I am thinking of having simple URLs pointing to the reverse proxy for both internal and external access.
Thanks,
Gael

It might be a heavier load on your reverse proxy, but should work fine.  Internal users joining conferences are already logged in via clients that understand they're internal and should connect accordingly.
The bigger question is lyncdiscoverinternal: are you going to populate it in your DNS? Or try with lyncdiscover only? If it resolves, you might get delays from external clients trying to authenticate. If it's not, then an internal client may connect through the edge. What I've attempted here is to create a pinpoint zone for lyncdiscoverinternal.sipdomain.com with a blank A record that points to the pool. Then allow access to that "zone" from internal networks only.
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Similar Messages

  • Only Federation: Reverse Proxy required?

    Hi,
    We are planning to deploy an Edge for Federation (only Federation) and we are wondering whether Reverse Proxy is actually required or not.
    From Setting up reverse proxy servers for Lync Server 2013 we get the features given by the Reverse Proxy. The one that could impact us and makes us doubt is:
    "Enabling external users to download meeting content for your meetings"
    It says "downloading content" not "joining".
    Without Reverse Proxy we're sure we couldn't schedule meetings through Outlook as they would contain a Meet URL that wouldn't be reachable for the federated user. In addition, we suppose that "Meet now" wouldn't work due to the same reason.
    But, if I have an IM or A/V conversation with another internal user or a federated user (peer-to-peer) and promote it to a conference by inviting a federated user... Would the three of us have a conference with IM and A/V? Or won't it be possible because the federated user actually needs the Meet URL in order to connect and there wouldn't be a Reverse Proxy?
    TechNet just says "downloading content" and the Lync 2013 workload poster doesn't show any communication between Lync Federation and Reverse Proxy. That's why we doubt whether it's needed or not.
    Thanks.
    Kind regards.

    I have never tested this scenario before and I'm basing this completely on the logic of how it works. Based on the Lync Server 2013 Protocol Workload Poster, it does seem to use HTTPS traffic while in an A/V conference as well as app sharing. But I think you can still have an A/V conference as long as you invite people to an ongoing conference.
    http://thamaraw.com

  • Change the redirect URL sent to reverse proxy

    Hi all,
    My system is composed of a reverse proxy (Apache 2.046) and a backend webserver (Oracle HTTP Server).
    To connect to a web application on the backend web server, the Internet user connects to the reverse proxy via HTTPS and the reverse proxy forwards the request to the backend webserver via HTTP.
    Example:
    The Internet user types:
    https://myreverseproxy/myWebApp
    The reverse proxy translates this to:
    http://mybackendserver/myWebApp
    The problem is that myWebApp does a redirect like this:
    http://myreverseproxy/myWebApp/login.jsp
    How can I configure the reverse proxy to change the redirect URL to:
    https://myreverseproxy/myWebApp/login.jsp
    Thank you in advance

    Hi Ove
    That is working fine. The only thing I did is map the node to /author. But is it possible to hit the author instance only when I type http://localhost:4502/author? I.e., if I type http://localhost:4502 it should not resolve to my login page.
    Thanks
    veena

  • I want to keep the URL. Is it reverse proxy?

    Hi everyone.
    I don't know what is right.
    I just want to keep the URL.
    For example,
    I have a public URL address, e.g. public.abc.com,
    and I have an EP Product Server behind the firewall, e.g. ep.abc.com:50100/irj,
    and I have a B2C Homepage Server behind the firewall, e.g. b2b.abc.com:80.
    I don't want to show public visitors our systems (URLs, ports, etc.).
    So if a user types the URL "http://public.abc.com/epadm", it should go to "http://ep.abc.com:50100/irj", but the user should not see the changed URL; the URL shown should just be "http://public.abc.com/epadm". Clicking any hyperlink in the EP Product System should not change the URL "http://public.abc.com/epadm" either.
    Could you help me?

    Mr. Park,
    On the WinNT server just open <drive:\>\winnt\system32\drivers\etc\hosts
    and make entry as following
    192.x.x.x epdev epdev.abccompany.com
    then save and test.
    More details on this thread: https://forums.sdn.sap.com/thread.jspa?threadID=80511
    I hope this can resolve your FQDN redirection.
    regards,
    AAAttar

  • IIS Reverse Proxy with URL rewrite.

    Hi all, hoping to leverage the wealth of knowledge contained here.
    Any assistance would be very welcome.
    I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
    I need to redirect all requests with a specific virtual directory suffix only.
    ie; https://domain.test.com/outbound/Content/query_etc
    With /Outbound/ being the trigger.
    This should be redirected to http://10.10.10.10/inbound/Content/query_etc
    While at the same time, requests without the /outbound/ suffix should be handled locally.
    I have configured the reverse proxy as described in a few articles, and have had no luck.
    Here's a snippet from my (sanitized) web.config at the site level.
    <rewrite>
      <outboundRules>
        <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
          <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
          <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
        </rule>
        <preConditions>
          <preCondition name="ResponseIsHtml1">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
      <rules>
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="^outbound/(.*)" />
          <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
        </rule>
      </rules>
    </rewrite>
    To me, this looks correct, yet it doesn't work.
    With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

    Hi Andrew,
    Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
    By using URL Rewrite Module together with Application Request Routing module you can have IIS 7 act as a reverse proxy.
    It seems like URL Rewrite can't re-route the request somewhere else out of the server.
    Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
    Hosting multiple domain names under a single account using URL Rewrite.
    It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
    References:
    How to create a url alias using IIS URL Rewrite:
    http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
    Reverse Proxy with URL Rewrite v2 and Application Request Routing:
    http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
    Regards,
    Satyajit

  • Reverse Proxy question

    Hi,
    I'm using the Sun Webserver 7 and my aim is to allow for some URLs to be reverse proxied into a different server altogether. e.g.
    http://xyz.com/test/something.do --> http://abc.com/test/something.do and
    http://xyz.com/test/images/123.jpg --> http://abc.com/test/images/123.jpg
    Notice that the targetURL is essentially similar to the first one with the difference in domain.
    1) The reason I have the /test/ in the target URL is because from what I have observed (and I have used the Webserver console only) if I had to map /test -> http://abc.com/ in the Reverse proxy then it looks like it adds the /test as well, which I'd probably not like to have but it's something I can live with.
    2) Considering security, I don't want to reverse proxy all of http://abc.com/ but just the http://abc.com/test/ - the issue here though is the /test/. When I set the Reverse Proxy setting to map /test/ to http://abc.com/test/ I get an error during the re-deployment saying
    set-origin-server reports: CORE7706: invalid URL: http://abc.com/test/ [there is a test directory in the docroot and I also created a simple index.jsp in it to be sure]
    When I try with other existing URLs also http://abc.com/images/ I get the same error. So I'm going to assume only the server is expected here and nothing more. Is there a way around that? I see some people mention more specific URLs in their forum posts and wanted to know if there is something I'm missing.
    Thanks for any input.

    Hi,
    I'm using the Sun Webserver 7 and my aim is to allow for some URLs to be reverse proxied into a different server altogether. e.g.
    http://xyz.com/test/something.do --> http://abc.com/test/something.do and
    http://xyz.com/test/images/123.jpg --> http://abc.com/test/images/123.jpg
    Notice that the targetURL is essentially similar to the first one with the difference in domain.
    1) The reason I have the /test/ in the target URL is because from what I have observed (and I have used the Webserver console only) if I had to map /test -> http://abc.com/ in the Reverse proxy then it looks like it adds the /test as well, which I'd probably not like to have but it's something I can live with.
    You might want to check out pre defined variables and regular expression pattern matching within our product (which provides lot more options than what is possible through the console)
    http://download.oracle.com/docs/cd/E19146-01/821-1827/gdaer/index.html
    For example, I would do some thing like
    a) manually edit the obj.conf or <vs>-obj.conf depending on your configuration
    <Object name="default">
    <If $urlhost =~ "/xyz.com" and $uri =~ "/test/(.*)" >
    <If not $security>
    NameTrans fn=rewrite from="http://abc.com/$1"
    <Else>
    NameTrans fn=rewrite from="https://abc.com/$1"
    </Else>
    </If>
    <If>
    ... rest of the directives..
    </If>
    </Object>
    2) Considering security, I don't want to reverse proxy all of http://abc.com/ but just the http://abc.com/test/ - the issue here though is the /test/. When I set the Reverse Proxy setting to map /test/ to http://abc.com/test/ I get an error during the re-deployment saying
    set-origin-server reports: CORE7706: invalid URL: http://abc.com/test/ [there is a test directory in the docroot and I also created a simple index.jsp in it to be sure]
    (I believe you shouldn't be using the trailing slash; it should have been http://abc.com/test)
    When I try with other existing URLs also http://abc.com/images/ I get the same error. So I'm going to assume only the server is expected here and nothing more. Is there a way around that? I see some people mention more specific URLs in their forum posts and wanted to know if there is something I'm missing.
    In the reverse proxy scenario, can you try this ( you probably do not need my earlier ones too.. )
    <Object name="default">
    <If not $internal and $urlhost =~ "xyz.com">
    NameTrans fn=map from="/test" to="http://abc.com/$1" rewrite-host=true # note: you could also add the name="..." option to this line and associate this map to say uri-/test object etc..
    </If>
    <If>
    ... rest of the directives..
    </Object>
    <Object name="uri-/test">
    </Object>

  • Publish Lync Externally without Reverse Proxy

    Hello All,
    Well, let me start out by saying I'm well aware that publishing Lync externally without a reverse proxy is not suggested due to security measures. To get to the point, I have the following questions regarding setting this up. As of right now I have Lync fully working internally only.
    Here is my current setup
    1 standard front end server with one nic card that has two ip addresses assigned to it and is signed with our internal CA,
    I also have an edge server that has two interfaces. One interface is facing external with three public IP addresses with the AV one set as the primary. This interface has a public UC cert applied to it. The other interface is using a private IP address that has a cert from our internal CA.
    My questions are as follow
    1. I currently have a GoDaddy UCC cert that allows me to have 5 SANs. I'm trying to maximize this cert but am unsure of how to configure the SANs. Which SANs should be on the certificate so that I can use it for the edge server (av.domain.com/webconf.domain.com/access.domain.com) and the Lync front end external cert (lync.domain.com and meet.domain.com)? I also have a wildcard cert from GoDaddy for *.domain.com; however, I cannot attach SANs to it. I was wondering if this could be used for meet.domain.com or autodiscover.domain.com?
    2. Regarding external DNS entries so far I have the following:
    webconf.domain.com -> to the ip for webconf on edge server public interface
    av.domain.com -> to the ip for av on edge server public interface
    access.domain.com -> to the IP for the access on edge server public interface
    lync.domain.com -> to the IP configured for external access on the lync front end server ( I have configured IIS on this site to listen to port 80 and 443 as stated in Ken Lasko's blog post)
    meet.domain.com -> to the IP configured for external access on the lync front end server
    Now my question is: do I need to add autodiscover.domain.com, and if so, where do I point this entry to? Also, how can I configure this setup to work with Lync on mobile devices?

    As for the Reverse proxy if going that route:
    External DNS
    lyncdiscover.domain.edu - Point to Reverse Proxy Public IP
    lync.domain.edu (this is used as our external webservices url) - Point to Reverse Proxy Public IP
    meeting.domain.edu (/meet and /dialin for the simple url's) - Point to Reverse Proxy Public IP
    sip.domain.edu (this is currently pointing to our external edge server access ip) - Correct
    av.domain.edu (this is currently pointing to our external edge server av ip) - Correct 
    webcon.domain.edu (this is currently pointing to our external edge server webconf ip)  - Correct
    Internal DNS
    You should setup Split DNS or pinpoint zones as meet/Lyncdiscover/sip/dialin records should be created for the domain.edu: http://technet.microsoft.com/en-us/library/gg398758.aspx
    Lyncdiscover.domain.edu - Not required internally but should point to the private IP (external interface) of the Reverse proxy to direct 443 to 4443.
    lync.domain.edu - Point to the private IP (external interface) of the Reverse proxy to direct 443 to 4443
    Lyncdiscoverinternal.edu - pointed to front end server ip
    meeting.domain.edu - pointed to front end server ip
    lgcclync2013.domain.cc (this is our FE server) - pointed to our front ender server ip  - correct
    Cisco ASAs don't allow hairpinning of the firewall; this is why the internal DNS needs to have lync.domain.edu pointing to an internal IP that can redirect 443 to 4443 (reverse proxy) instead of pointing to the Public IP of the reverse proxy: http://technet.microsoft.com/en-us/library/hh690030.aspx
    Hi Michael,
    Thank you for all your help. I've set up and configured both the external DNS and the IIS ARR, but now I'm running into an error when I try to connect to any of the following sites: https://lyncdiscover.domain.edu, https://meeting.domain.com, https://lync.domain.edu. I get an Internal 500 error. When I check the Microsoft Remote Connectivity Analyzer under Lync Autodiscover Web Service Remote Connectivity Test I get the following error:
    Testing HTTP authentication methods for URL https://lyncdiscover.domain.edu/Autodiscover/AutodiscoverService.svc/root/user.
    HTTP authentication test failed.
    Additional Details
    An HTTP 500 response was returned from IIS7.
    Headers received:
    Content-Length: 1208
    Content-Type: text/html
    Date: Wed, 01 Jan 2014 14:56:12 GMT
    Server: Microsoft-IIS/8.0
    Elapsed Time: 286 ms.
    I created 3 server farms on the IIS ARR server:
    Lync.domain.edu, which is being directed to lgcclync2013.domain.cc ports 8080 and 4443
    LyncDiscover.domain.edu, which is being directed to lgcclync2013.domain.cc ports 8080 and 4443
    meeting.domain.edu, which is being directed to lgcclync2013.domain.cc ports 8080 and 4443
    When I ping lgcclync2013.domain.cc from the IIS Server it resolves correctly to the right IP address.

  • Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

    Hi,
    I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
    I have configured a context root to be forwarded to weblogic:
    Web Server: www.server.com
    URI: /path
    Reverse Proxy URL: wlserver:9000
    When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
    If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
    Would appreciate it very much if someone can help me troubleshoot this issue.
    Thanks in advance!
    Edited by: agent_orange on Jul 29, 2010 2:30 AM
    Edited by: agent_orange on Jul 29, 2010 2:31 AM

    I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
    - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
    - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
    that is all it should need.
    your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
    <Object name="default">
    AuthTrans..
    NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
    </Object>
    <Object name="reverse-proxy-/">
    Route fn=....
    Service ..
    </Object>
    this is all you should need..
    However, if you wanted to add complexity to your configuration, you could do some thing like
    <Object name="default">
    Auth..
    <If defined $security>
    NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
    </If>
    </Object>
    <Object name="reverse-proxy-/">
    Route...
    </Object>

  • Disabling normal proxy function in a reverse-proxy server..

    If you want to disable the capability to use the server as a "normal" forward proxy and only allow reverse proxying. Based on a section in the admin manual
    These additional automatic mappings are for users who connect to the reverse
    proxy as a normal server. The first mapping is to catch users connecting to the
    reverse proxy as a regular proxy. Depending on the setup, usually the second is the
    only one required, but it does not cause problems in the proxy to have them both.
    The first mapping referred to is a mapping rule:
    "http://external.ip.address" => "http://proxyied.server.ip"
    The second is of the form:
    "/" => "http://proxyied.server.ip"
    Would it be enough to just have the "/" rule, which it kind of sounds like in the admin text?

    You can use the admin GUI to turn on access control and to create/modify
    ACLs. Once you save and apply changes, and compare the new obj.conf
    to the previous one (do a backup first, if you prefer) you can see a new
    PathCheck "check-acl" directive present. You need to wrap this directive
    in a <Client> tag:
    Here's how to use <Client> tags:
    http://docs.sun.com/app/docs/doc/819-5494/6n7isltea?l=ko&a=view

  • Reverse Proxy Setup

    I have a 10.5 server running as a webserver with a single static IP address. I have a second machine running FileMaker Server that is also a webserver. I have two different domain names ( example.com and fmexample.com) that both point to the same static IP.
    I would like all traffic coming to example.com to pull data from the 10.5 Webserver and I would like all traffic coming to fmexample.com to pull data from the FileMaker Server.
    In researching this it seems like adding fmexample.com to the Sites list in 10.5 server and then adding a reverse proxy to the FileMaker server should accomplish what I am trying to do. However, even with the reverse proxy setup both domain names still pull data from the 10.5 server.
    On the 10.5 server in the Sites Menu these are my settings for the fmexample.com site.
    General Tab
    Domain Name: fmexample.com
    IP Address: 10.0.1.10 (IP address of the 10.5 server)
    Proxy Tab
    Enable Reverse Proxy "Checked"
    Proxy Path: /
    Balancer Members:
    Worker URL: http://10.0.1.100:80/ (IP address of the FileMaker Server)
    Route: "Blank"
    Load Factor: 100
    Any help would be appreciated.

    The reverse proxy is in the loop because I have multiple servers sitting behind a single public static IP address. When external calls (users outside of my local network) are made to the public IP for fmexample.com the reverse proxy server sends them to the 10.0.1.100 server on my local network.
    This worked fine for standard web serving. The problem came in with FileMaker's IWP engine. It was reading the incoming host header not as the original domain name (fmexample.com) but as the domain name or IP Address that I was assigning in the reverse proxy (ie fmexample.local, or 10.0.1.100)
    So when IWP would issue a redirect it would return a URL to the external user specifying an internal address. For example, if I specify http://10.0.1.100/ as the URL in the reverse proxy, IWP would issue a redirect and return a URL that looked like http://10.0.1.100/fmi/iwp....
    That internal address would not work outside of the network.
    By adding a DNS record internally that routes all fmexample.com traffic to 10.0.1.100, I was able to set the reverse proxy in essence to point to itself, but since the reverse proxy is looking at my local DNS server it would route back to the local IP address.
    Since I could now set the reverse proxy to use fmexample.com as the worker URL, IWP now could see a host header of "fmexample.com" and when it issues a redirect to the external user it shows the proper URL (ie http://fmexample.com/fmi/iwp)
    Circumstances Affecting my thought process:
    1) I can't just route all incoming traffic to my public IP to 10.0.1.100 because I have a couple of other domains that route to different servers so I still need the reverse proxy to play traffic cop.
    2) I also didn't have any idea how to modify IWP to force it to return a specific domain and I couldn't find any clear information on how to modify IWP. I decided to leave IWP working as it was designed and come up with a way to feed it the host header that I wanted.
    I admit it does seem a bit convoluted but the important thing is that it works, both internally and externally.
    Message was edited by: Patrick Cranston
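
The redirect problem in the Apache / Oracle HTTP Server question and in the FileMaker IWP post above has one cause: the backend builds an absolute Location from the scheme and host it sees, so the client receives a plain-HTTP or internal address. The following Python is an added example, not code from any poster or product; `rewrite_location` and its parameters are hypothetical names, the URLs are the ones quoted in those posts, and it generalizes to path-prefix mappings such as the /inbound and /outbound pair in the IIS thread.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _endpoint(parts):
    """(host, port) of a parsed URL, filling in the scheme's default port."""
    return (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS[parts.scheme]


def _under(path, prefix):
    """True if path equals prefix or lies below it on a path-segment boundary."""
    return prefix == "" or path == prefix or path.startswith(prefix + "/")


def _rewrite(location, public_base, backend_bases):
    loc = urlsplit(location)
    # Relative, scheme-relative and non-HTTP redirects are passed through:
    # the browser resolves relative ones against the public URL it requested.
    if loc.scheme not in DEFAULT_PORTS:
        return location

    pub = urlsplit(public_base)
    pub_path = pub.path.rstrip("/")

    # Case 1: the backend kept the public host name but used the scheme it
    # was contacted on (TLS ends at the proxy), e.g. http:// instead of https://.
    if (loc.scheme != pub.scheme
            and (loc.hostname or "").lower() == (pub.hostname or "").lower()
            and loc.port in (None, DEFAULT_PORTS[loc.scheme])
            and _under(loc.path, pub_path)):
        return urlunsplit((pub.scheme, pub.netloc, loc.path, loc.query, loc.fragment))

    # Case 2: the backend exposed its own address; map it back to the public
    # base, translating the path prefix if the two bases differ.
    for base in backend_bases:
        b = urlsplit(base)
        b_path = b.path.rstrip("/")
        if _endpoint(loc) == _endpoint(b) and _under(loc.path, b_path):
            new_path = pub_path + loc.path[len(b_path):]
            return urlunsplit((pub.scheme, pub.netloc, new_path or "/",
                               loc.query, loc.fragment))

    # Anything else (third-party redirect target) is left alone.
    return location


def rewrite_location(location, public_base, backend_bases):
    """Map a backend Location header value into the public URL space.

    public_base   -- URL clients use, e.g. "https://myreverseproxy/myWebApp"
    backend_bases -- backend base URLs published under public_base
    Unparseable values (bad port, bad IPv6 literal) are returned unchanged.
    """
    try:
        return _rewrite(location, public_base, backend_bases)
    except ValueError:
        return location


if __name__ == "__main__":
    # Sample values taken from the posts above.
    print(rewrite_location("http://myreverseproxy/myWebApp/login.jsp",
                           "https://myreverseproxy/myWebApp",
                           ["http://mybackendserver/myWebApp"]))
    print(rewrite_location("http://10.0.1.100/fmi/iwp",
                           "http://fmexample.com",
                           ["http://10.0.1.100:80/"]))
```
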

  • Simple URLs of Paired Pools on different sites

    Dears,
    I'm currently planning for deploying another Lync pool on a different site.
    I'll use an Active/Active design and use SRV records to load balance the requests between the pools.
    But what about Simple URLs for meeting and dialin?
    I found that I can create other simple URLs for the other pool using PowerShell,
    but when I tried that it always fails.
    Is that still supported in Lync 2013?
    If yes, please, I need to know how to do that using PowerShell.

    Please create just one meet and dialin URL at global level and use GSLB to load balance the A records.
    Please Note 
    You can configure your simple URLs to have global scope, or you can specify different simple URLs for each central site in your organization. If both a global simple URL and a site simple URL are specified, the site simple URL has precedence.
    In most cases, we recommend that you set simple URLs only at the global level, so that a user’s Meet simple URL does not change if they move from one site to another. The exception would be organizations that need to use different telephone numbers for dial-in users at different sites. Note that if you set one simple URL (such as the Dial-in simple URL) at a site to be a site-level simple URL, you must also set the other simple URLs at that site to be site-level.
    Please refer to http://technet.microsoft.com/en-us/library/gg398287.aspx for more information.
    Regards, Edwin Anthony Joseph

  • How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

    Some of our installations use the Sun Web Server 7.0 (update 1, usually)
    for hosting some of the public resource and reverse-proxying other parts
    of the URI namespace from other backend servers (content, application
    and other types of servers).
    So far every type of backend server served a unique part of the namespace
    and there was no collision of names, and the backend resources were
    published in a one-to-one manner. That is, a backend resource like, say,
    http://appserver:8080/content/page.html would be published in the internet
    as http://www.publicsite.com/content/page.html
    I was recently asked to research whether we can rename some parts of
    the public URI namespace, to publish some or all resources as, say,
    http://www.publicsite.com/data/page.html while using the same backend
    resources.
    Another quest, possibly related in solution, was to make a tidy url for the
    first page the user opens of the site. That is, in the current solution when
    a visitor types the url "www.publicsite.com" in his or her browser, our web
    server returns an HTTP-302 redirect to the actual first page URL, so the
    browser sends a second request (and changes the URL in its location bar).
    One customer said that it is not "tidy". They don't want the URL to change
    right upon first rendering the page. They want the root page to be rendered
    instantly in the first HTTP request.
    So far I found that I can't solve these problems. I believe these problems
    share a solution because it relies on ability to control the actual URI strings
    requested by Sun Web Server from backend servers.
    Some details follow, now:
    It seems that the reverse proxy (Service fn="service-passthrough") takes
    only the $uri value which was originally requested by the browser. I didn't
    yet manage to override this value while processing a request, not even if
    I "restart" a request. Turning the error log up to "finest" I see that even
    when making the "service-passthrough" operation, the Sun Web Server
    still remembers that the request was for "/test" (in my test case below);
    it does indeed ask the backend server for an URI "/test" and that fails.
    [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
    trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
    fn="service-passthrough" rewrite-host="true" rewrite-location="true"
    servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
    returned 0 (REQ_PROCEED)
    My obj.conf file currently has simple clauses like this:
    # this causes /content/* to be taken from another (backend) server
    NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
    # this causes requests to site root to be HTTP-redirected to a certain page URI
    <If $uri =~ '^/$'>
        NameTrans fn="redirect"
            url="http://www.publicsite.com/content/MainPage.html"
    </If>
    <Object name="content-test">
    ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
    ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
        Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
        Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
    </Object>
    I have also tried "restart"ing the request like this:
        NameTrans fn="restart" uri="/data"
    or desperately trying to set the new request uri like this:
        Service fn="set-variable"  uri="/magnoliaPublic/Main.html"
    Thanks for any ideas (including a statement whether this can be done at all
    in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
    //Jim

    > Some of our installations use the Sun Web Server 7.0 (update 1, usually)
    Please plan on installing the latest service pack - 7.0 Update 4. These updates address potentially critical bug fixes.
    > I was recently asked to research whether we can rename some parts of
    > the public URI namespace, to publish some or all resources as, say,
    > http://www.publicsite.com/data/page.html while using the same backend
    > resources.
    Now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources? I guess you probably meant that /data/page.html should go to <back-end>/content/page.html
    yes, you could do something like
    - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
    <Object name="default">
    <If $uri = "/page/">
    #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
    NameTrans.. fn=map
    </If>
    </Object>
    and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
    finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
    <install-root>/bin/wadm pull-config --user=admin --config=<hostname> <hostname>
    <install-root>/bin/wadm deploy-config --user=admin <hostname>
    you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
    http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
    finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
    http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
    >
    One customer said that it is not "tidy". They don't want the URL to change
    right upon first rendering the page. They want the root page to be rendered
    instantly i the first HTTP request.
    please check out the rewrite / restart SAF. this should help you.
    http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
    pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
    It seems that the reverse proxy (Service fn="service-passthrough") takes
    only the $uri value which was originally requested by the browser. I didn't
    yet manage to override this value while processing a request, not even if
    I "restart" a request. Turning the error log up to "finest" I see that even
    when making the "service-passthrough" operation, the Sun Web Server
    still remembers that the request was for "/test" (in my test case below);
    it does indeed ask the backend server for an URI "/test" and that fails.
    now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don't have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
    http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
    feel free to post to us if you need any further help
    you are probably better off - starting fresh
    - install ws7u4
    - use gui or CLI to create a reverse proxy and map one on one - say content
    http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
    if you don't plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
    <install-root>/bin/wadm disable-java --user=admin --config=<hostname>
    <install-root>/bin/wadm create-reverse-proxy --user=admin --uri-prefix=/content --server=<http://your back end server/> --config=<hostname> --vs=<hostname>
    <install-root>/bin/wadm deploy-config --user=admin <hostname>
    now, you can check out the regular expression processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
    >
    I have also tried "restart"ing the request like this:
    NameTrans fn="restart" uri="/data"
    ordering is very important here... you need to do this some thing like
    <Object name=default>
    <If not $restarted>
    NameTrans fn="restart" from="/" uri="/foo"
    </If>

  • How to configure SharePoint HNSC with a reverse proxy server so that HNSC SharePoint URLs are not exposed to end users.

    Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC SharePoint URLs are not exposed to end users?
    In normal path-based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with Public URL = "proxy URL", internal = "HNSC SharePoint URL" so that SharePoint sends the response back to Public URL = "proxy URL".
    In host-named site collections, alternate access mappings are not supported. Each HNSC is designed to have only one URL in each zone. A zone is one of the five zones (Default, Intranet, Internet, Custom, Extranet), with each of which only one alternate URL is associated. This is what we are able to get using the PowerShell command "Set-SPSiteUrl", but this will not help us to get the response back to the proxy URL after a request is sent to SharePoint, because we could not find any mechanism in SharePoint HNSC to respond to a different URL (proxy URL). Consequently, SharePoint URLs are exposed to external users.
    The SharePoint article on the MSDN blog below is symmetrical to what we are observing with SharePoint 2013 and a proxy server. It mentions that internal HNSC URLs can't be hidden using any proxy server. If hiding the internal SharePoint URLs is a requirement, it suggests using a web application instead of host-named site collections.
    Though I'm also observing the same behavior with SharePoint 2013 HNSC, could you please confirm my understanding is correct?
    http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
    Excerpt from above article-
    "Host Named Site Collections Only Use One Host Name
    Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and are always considered to be in the Default zone. This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the calls to the same URL. If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."

    Hi Satish,
    You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
    It is by design that each host-name site collection only supports one URL for each zone.
    The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
    https://support.microsoft.com/en-us/kb/2826457
    So making the URL of the HNSC not exposed to external users is not supported; you need to use path-based sites instead.
    Best regards.
    Thanks
    TechNet Community Support

  • ACE SSL Reverse Proxy for multiple URLs

    Hi,
    I am trying to set up an ACE as a reverse proxy (one-arm mode) for HTTPS connections for multiple URLs to multiple serverfarms. From what I know, I have two options:
    1. Use a different VIP for each URL and do L4 load balancing, or use a combination of IP address and port.
    2. Use a different VIP for each URL, do SSL offloading and do L7 URL-based load balancing.
    So with these options I am bound to use different IPs for each site. Is there a way I can use one VIP and then offload SSL and do URL-based load balancing? From my knowledge we are restricted by the nature of SSL. The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts, so there is no visibility of the HTTP header.
    Any comments appreciated
    George Georgiou

    George,
    your understanding is absolutely correct.
    We need to know the site in order to decrypt the traffic because the certificate is associated to a domain name.
    But without decrypting, we can't see the domain name.
    So, the only way to know the domain without decrypting is to allocate a single ip to each domain.
    There is no other solution.
    Gilles.

  • ITS through Reverse Proxy : Only POST method  doesn't work

    Hi all,
    We are using an Apache Reverse Proxy in front of our Portal and ITS Server
    and using https.
    Reverse Proxy : 443 > ITS:8443
    We have rewrite rules for /sap and /scripts (ITS) /irj (portal) in the
    Reverse Proxy .
    We have set the following variables through the wgate-config URL of the
    ITS server (SetHeader) :
    HTTPS on
    HTTP_HOST proxy_server:443
    All ITS Iviews that use GET method display correctly .
    However all ITS Iviews that use POST create an Apache Proxy Error.
    We believe this is due to HTTP_CONTENT_LENGTH not being set in the ITS .
    Do we set this value the same way?
    Are there any other ITS settings that would cause this error for POSTS in
    a Reverse Proxy ?
    Regards
    Daniel

    There is a way around this (thanks to Apple for responding to my bug submission) but it's slow. Test to see if the glyphCode created is greater than zero or not:
    final FontRenderContext fontRenderContext = new FontRenderContext(null, false, false);
    char[] array = new char[1];
    array[0] = (char) intvalueofchar;
    GlyphVector glyphVector = glyphFont.createGlyphVector(fontRenderContext, array);
    int glyphCode = glyphVector.getGlyphCode(0);
    boolean validchar = (glyphCode > 0);
    I only need to do this on the mac; on windows it does the right thing without this. If anyone has any suggestions for speeding it up (I already have it running in a thread), that'd be great - but thought I'd post it here for anyone else who might run into the same problem some day.
