SSL and IISProxy

Similar Messages

• SSL on IISPROXY

  Hello All,
  We have set up proxy server in DMZ and installed IISPROXY in it. Now we want to apply the SSL on IISPROXY.
  Browser to IISPROXY (HTTPS) -->IISPROXY to Portal (HTTP)
  --> IISPROXY to R3 (HTTP)
  We access all other SAP Enterprise Portal and SAP R/3, BW systems using http. We wanted to terminate the SSL at IISPROXY itself.
  I have successfully configured the SSL based on SAP documentation. I have maintained <protpcol-header> at each mapping also. Everything works except accessing SAP R3/BW Systems. I guess request is being sent as https instead of http and its gives Forbidden 403.4 error.
  Can anyone kindly post me the iisproxy.xml with SSL for verification. or Does anybody know as what else had to be done to terminate ssl at IISPROXY and send http request to R3 or BW servers.
  Thanks,
  Maya

  Hello All,
  Anybody has suggestions on this??
  Thanks,
  Maya

• How do I bind to directory server with SSL and authentication?

  I'm running Lion Server 10.7.3, Open Directory master. In Open Directory/Settings/LDAP, I've checked the box to Enable SSL and selected a (self-signed) certificate. In Policies/Binding, I've checked the box to Enable Authenticated Directory Binding.
  Testing with a client computer on which Snow Leopard has been freshly installed and fully updated, I went to System Prefs/Accounts to bind to the new directory server. The good news is, the binding was successful, and when the client initiates an AFP connection with the server, it uses Kerberos, creating a ticket as expected. (Which doesn't work with Lion clients, alas, but that's a seperate matter.)
  Here are the problems:
  1) It looks like the binding did not use SSL. By which I mean that when I opened Directory Utility and examined the LDAPv3 entry, the SSL checkbox was not checked. (If I then check the box, everything looks fine until I restart the client, after which I have a red dot. So I'm guessing that checking the box does nothing until after restart, and that it breaks the binding.)
  2) I was never prompted to authenticate for the directory binding.
  So I get that literally I'm *enabling* SSL and Authenticated Directory Binding, but it seems like the defaults are to bind without SSL or authentication, and there's no obvious-to-me way to force the binding to use those things. How do I do that?
  What I'd really like to do is *require* SSL and Authenticated Directory Binding. I want this because my belief (correct me if I'm wrong) is that if authentication is required to bind to the server, no one will be able to bind to my server without my permission, and that SSL offers a more secure connection to my server than not-SSL. How do I require these things, or do I not really want to?
  Thank you.

  You cannot connect to databases via Muse at the moment. Please refer: http://forums.adobe.com/message/5090145#5090145
  Cheers,
  Vikas

• EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

  Hello everyone,
  Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
  Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
  I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
  Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
  However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
  This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
  Here's what happens:
  1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
  2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
  3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
  4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
  5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
  Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
  http://discussions.apple.com/thread.jspa?messageID=5967023
  http://discussions.apple.com/message.jspa?messageID=5982070
  these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
  If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
  Thanks,
  Andrew

  Hard to tell what is happening without looking at the application
  source, knowing what OS & hardware you're using etc. You might want to
  try running with different JVM versions to see if it's actually the VM
  that is the problem. If you have a support contract with BEA you could
  ask support to help you diagnose this.
  Regards,
  /Helena
  Ayub Khan wrote:
  I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
  application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
  seems to happen on loading the machine..the performance progressively gets worse
  and after a couple of seconds, all the threads stop responding. I checked the
  heap, cpu and the idle threads in the execute queue and there is nothing there
  to trigger alarms...there are quite a few idle threads still and the heap and
  the cpu utilization seem OK. On doing a thread dump, Is see that all the other
  threads seem to be in a state where they are waiting for data from LDAP and it
  is basically read only data that they are waiting on.
  Does anyone know what it is going on and help point me in the right direction.
  -Ayub

• Business Connector problem with SSL and Web Services

  Hi,
  I have generated a Web Connector Service and tested this in our DEV and QA environment with http and no credentials.
  All is fine.
  I now switched to SSL and was provided with an https WSDL by our Web Server developers. The Web Connector service generates fine however as soon as I execute the service I get a NumberFormatException. Exact error is:
  java.io.IOException:java.lang.NumberFormatException: null
  The error occurs in pub.client:http
  I traced through the working (in QA) and non-workinfg versions and checked the pipeline prior to the call and can see no different apart from the difference in protocol.
  Does anyone have any idea what the cause is? I cannot determine what value is null.
  Thanks
  Brian

  Hi,
  I have generated a Web Connector Service and tested this in our DEV and QA environment with http and no credentials.
  All is fine.
  I now switched to SSL and was provided with an https WSDL by our Web Server developers. The Web Connector service generates fine however as soon as I execute the service I get a NumberFormatException. Exact error is:
  java.io.IOException:java.lang.NumberFormatException: null
  The error occurs in pub.client:http
  I traced through the working (in QA) and non-workinfg versions and checked the pipeline prior to the call and can see no different apart from the difference in protocol.
  Does anyone have any idea what the cause is? I cannot determine what value is null.
  Thanks
  Brian

• WWSAPI - Cannot connect to web service via SSL and HTTP proxy authentication with NTLM, errorCode 0x803d0016, HTTP status 407

  Hi,
  I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
  0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
  In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
  a second request with NTLMSSP_AUTH is sent.
  Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
  I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
  Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
  WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
  Any idea?
  Thanks

  Hi,
  I built a web service client using WWSAPI. The connection works via SSL (without HTTP proxy) and it works with SSL and proxy with basic authentication as well. When I try to connect using a proxy with NTLM authentication, then I get the errorCode
  0x803d0016, HTTP status "407 (0x197)", "Proxy Authentication Required".
  In WireShark I see only one HTTP request to connect to the proxy with NTLM Message Type: NTLMSSP_NEGOTIATE. The HTTP Response returns Status 407 and the connection ist closed. Comparing this to Internet Explorer - the Connection is not closed and
  a second request with NTLMSSP_AUTH is sent.
  Why doesn't it make the complete NTLM handshake? Why wasn't sent the NTLMSSP_AUTH directly?
  I oriented in the HttpCalculatorWithKerberosOverSslClientExample.
  Using WS_HTTP_HEADER_AUTH_SECURITY_BINDING,
  WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_SCHEME was set to WS_HTTP_HEADER_AUTH_SCHEME_NTLM, WS_SECURITY_BINDING_PROPERTY_HTTP_HEADER_AUTH_TARGET to WS_HTTP_HEADER_AUTH_TARGET_PROXY. I tried WS_DEFAULT_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE but also WS_STRING_WINDOWS_INTEGRATED_AUTH_CREDENTIAL_TYPE.
  Any idea?
  Thanks

• Webservice call failed during execution (SSL and certificates) on NetWeaver 7.30

  Hey experts,
  i need your help!
  We make webservice calls to sap me with our own software.
  We connect to our software via SSL and certificates e.g. https://host:50001/XMII/CM/POD/MEDialogsWeb.irpt
  At the beginning the software runs without any problems and than we become the following message on all our webservice:
  thats the webservice configurations
  (configuration - connectivity - single service administration):
  (configuration - security - authentication and single sign-on)
  if we restart the software after the error display, the webservice call runs successfully again.
  is it a timeout?
  can anybody help us?
  Thanks,
  Markus
  our system info:
  NetWeaver 7.30 Java
  SAP ME 6.0
  software runs log looks as following
  software doesn't runs log looks as following
  security Log Entry
  more info from security_00.0.log
  #2.0 #2014 06 06 14:51:17:136#+0200#Warning#/System/Security/WS#
  com.sap.ASJ.wssec.020142#BC-ESI-WS-JAV-RT#tc~sec~wssec~service#C0000A650AD826FF0000000100000BEC#3855850000000005#sap.com/me~ws#com.sap.engine.services.wssec.authentication#Guest#0##207092CAED7111E3A01A0000003AD5EA#23386e31ed7911e39d560000003ad5ea#23386e31ed7911e39d560000003ad5ea#0#Thread[HTTP Worker [@648881277],5,Dedicated_Application_Thread]#Plain##
  Received unsupported callback: com.sap.engine.interfaces.security.auth.SetLogonTicketCallback
  Received unsupported callback: com.sap.engine.lib.security.http.HttpSetterCallback
  Read data of type username and value  MEFLEX from wsse:Security header and set on module javax.security.auth.callback.NameCallback
  Read data of type username and value   from HTTP header and set on module javax.security.auth.callback.NameCallback
  Read data of type password and value  xxx from wsse:Security header and set on module javax.security.auth.callback.PasswordCallback
  Read data of type password and value  xxx from HTTP header and set on module javax.security.auth.callback.PasswordCallback
  Authentication for web service ShopOrderService, configuration ShopOrderService using security policy BASIC*SSO2*_*_*ws failed: Cannot authenticate the user.. (See SAP Note 880896 for further info).

  Hi,
  the authentication for the second call is failing. Have you tried suggest log level from note 880896 - Web Service authentication failure? I would also try to use something like SoapUI to test if the issue is caused by your application or something wrong on SAP side. Also coparing messages for the first and second calls might give you answer.
  Cheers

• What is "use SSL" and "S/MIME" mail settings for?

  What is "use SSL" and "S/MIME" mail settings for?

  it has do with encrypting your mail when sent over the web

• JDBC Thin Connections with SSL and client certificates

  Hi ,
  we are going have a look at JDBC Thin Connections with SSL and client certificates.
  I have two questions:
  1. Is it possible to use SSL connections from JDBC Thin Driver and which release of the driver introduced it
  2. Is it possible to use client certificates with JDBC Thin Driver and which release of the driver introduced it
  Thanks for your help
  regards
  Markus Reichert

  I could not reproduce the error after appending the SSL certificate to the certdb.txt file available under $Jinitiator_Home/lib/security folder.
  Steps to add the SSL Certificate:
  1. Run the form with the https mode in the IE Browser.
  2. Security Alert is raised.
  3. Click on the View Certificate button.
  4. In the Certificate Window, click on the Details tab.
  5. Click on the Copy to File button to copy the certificate.
  6. Copy the certificate and append to the certdb.txt file.

• Iisforward and iisproxy

  Does anyone know how I can forward to two different WLS? I have a website with two virtual directories for two applications. one is /fw and the other /tw but in the .ini file there is only one weblogichost entry and no way to distinguish that /fw needs to go to WLS1 and /tw goes to WLS2Please help.

  Scott,
  If you are using the iisforward.dll, you can only have 1 instance of that dll
  per website (on an IIS server a website is a unique combination of port, ip, and
  host header). I had a similar issue and I just created two server instances on
  separate ports (though separate hosts names might look neater), each forwarding
  to different WL servers. For example. IIS address http://iisserver:7777/ forwarded
  to http://wlserver_1:7001 and http://iisserver:7778/ forwarded to http://wlserver_2:7001.
  Each IIS website had it's own copy of iisforward.dll, iisproxy.dll and iisproxy.ini.
  If you must keep your virtual directories you could have them forward to the other
  iis websites on the same server.
  Good luck,
  Barrett
  Scott <[email protected]> wrote:
  Does anyone know how I can forward to two different WLS? I have a website
  with two virtual directories for two applications. one is /fw and the
  other /tw but in the .ini file there is only one weblogichost entry
  and no way to distinguish that /fw needs to go to WLS1 and /tw goes
  to WLS2Please help.

• Connect - SSL and certificate chain

  Hi,
  is it possible to place a certificate chain somewhere, so
  that Adobe connect users dont have to manually install the
  certificates from the chain?

  Hi cj63, why isn't your cert accepted automatically? We're
  using hardware SSL and encountered an issue with our cert. We ended
  up changing the cert chain on the F5, I believe. I'm not sure of
  the "how" other than to know we did it with hardware SSL, so it
  should be possible.

• What is SSO , SSL, and other terms?

  Hi,
  I always hear the terms SSO, SSL and some other terms, but I am not aware of the exact meaning of them.
  Can anyone focus some light on this ?
  Thanks!
  Yogini

  Hi Yogini,
  if you are referring SSO( Single sign on ) and SSL ( security socket layer) for Discoverer, check out the link below.
  http://download.oracle.com/docs/html/B13918_03/security2.htm#BABGEIEC
  Here topics on 14.6 Using Discoverer with OracleAS Framework Security
  14.7 Using Discoverer with Oracle Identity Management Infrastructure

• Delete or disable ssl and https on exchange web url

  Hi,
  I disable by clear check box on Default Web Site --> SSL Settiings --> Require SSL
  and also inseret my domain name example: http://mail.myexchange.com/owa in Exchange admin center Console --> Servers --> Virtual Directory -->  owa
  and also i change     <add key="UseHttpsForWacUrl" value="true" />    to     <add key="UseHttpsForWacUrl" value="false" /> in C:\Program Files\Microsoft\Exchange
  Server\V15\ClientAccess\Owa\web
  But, after this steps for removing https on my url i can use it. and after loggin in https mode i can delete https on my url manually but did't work good and i get this error when i want see my email body "Error: Your
  request can't be completed right now. Please try again later."

  Hi S.Ali,
  Have you restarted IIS after changing all the settings?
  If not, please try to restart iis and check again.
  Best regards,
  Niko Cheng
  TechNet Community Support

• SSL and froms90 with AS 10g

  dear all,
  i have AS 10g Release 1 with froms90, i want to know how to enable the ssl with from90 on the AS. are there any notes or tips.
  please let me know
  fadi

  ... maybe you find this useful
  SSL and Application Server 10G
  Frank

• IISForward and IISProxy Configuration Internals/Interaction

  Can someone give a detailed description of how IISForward and IISProxy interact
  with IIS as ISAPI modules? We have the IIS plugins functioning properly, we would
  just like a more detailed explanation on how they interact and work together when
  proxying multiple virtual hosts. It seems that many people are in the dark on
  this process, and that any clarification would alleviate many of the posts we
  see here. I would also settle for a link to some documentation (not BEA's, it
  is very poor!) on this.
  Here is an excerpt from some documentation that we have written up internally
  that helped us keep track of what we were doing when setting up the IIS Plugins.
  Some of this content draws from BEA's documentation so we here at Servicemaster
  make no claims on this content:
  START OF EXCERPT:
  6. Configuring IISForward
  6.1 Installing iisforward.dll
  Before creating the Virtual hosts in IIS, we need to create the directories that
  are going to contain the DLL’s. There is going to be a one-to-one relationship
  between Virtual Hosts and DLL directories. First create a directory where all
  of the DLL directories will reside:
  D:\WebLogicVHosts
  Within this directory create the directory for each Virtual Host that will be
  connecting to the WebLogic instance:
  D:\WebLogicVHosts\vhost1-svmhome.com
  D:\WebLogicVHosts\vhost2-svmwork.com
  D:\WebLogicVHosts\vhost3-svmmemphis.com
  Now copy the iisforward.dll from the directory WL_HOME/server/bin into each of
  the directories you created for each of the Virtual Hosts.
  6.2 Creating iisforward.ini
  Create a file called iisforward.ini. Place this file in the same directories for
  each of the virtual hosts that contain the iisforward.dll. This file should contain
  the following entry for each virtual website defined in IIS:
  vhostN=websiteName:port
  websiteName:port=dll_directory/iisproxy.ini
  Where:
  N is an integer representing the virtual website. The first virtual website you
  define should use the integer 1 and each subsequent website should increment this
  number by 1.
  websiteName is the name of the virtual website as registered with IIS.
  port is the port number where IIS listens for HTTP requests.
  dll_directory is the path to the directory you created in step 1.
  For example:
  vhost1=svmhome.com:7001
  svmhome.com:7001=D:\WebLogicVHosts\vhost1-svmhome.com \iisproxy.ini
  vhost2=svmwork.com:7002
  svmwork.com:7002= D:\WebLogicVHosts\vhost2-svmhome.com \iisproxy.ini
  vhost3=svmmemphis.com:7003
  svmmemphis.com:7003= D:\WebLogicVHosts\vhost3-svmmemphis.com \iisproxy.ini
  7. Configuring IISProxy
  7.1 Installing IISProxy
  Now copy the iisproxy.dll from the directory WL_HOME/server/bin into each of the
  directories you created for each of the Virtual Hosts.
  D:\WebLogicVHosts\vhost1-svmhome.com
  D:\WebLogicVHosts\vhost2-svmwork.com
  D:\WebLogicVHosts\vhost3-svmmemphis.com
  7.2 Creating iisproxy.ini
  The iisproxy.ini file contains name=value pairs that define configuration parameters
  for the plug-in. Changes in the parameters will not go into effect until you
  restart the "IIS Admin Service".
  We need to create a iisproxy.ini configuration file for each of the virtual hosts.
  Here is a sample iisproxy.ini file for use with a single, non-clustered WebLogic
  Server. Comment lines are denoted with the "#" character.
  # This file contains initialization name/value pairs
  # for the IIS/WebLogic plug-in.
  WebLogicHost=examplehost16
  WebLogicPort=7001
  ConnectTimeoutSecs=20
  ConnectRetrySecs=2
  Here is a sample iisproxy.ini file with clustered WebLogic Servers. Comment lines
  are denoted with the "#" character.
  # This file contains initialization name/value pairs
  # for the IIS/WebLogic plug-in.
  WebLogicCluster=examplehost07:7001,examplehost08:7001
  ConnectTimeoutSecs=20
  ConnectRetrySecs=2
  8. Configuring IIS Virtual Hosts
  8.1 Proxying by file extension
  At this point we are now ready to configure the virtual hosts within IIS. First
  create a new virtual website as you would normally do within IIS. Second add
  the iisforward.dll file as a filter service in IIS (WebSite Properties —> ISAPI
  Filters tab —> Add the iisforward dll). For each virtual host the path to the
  iisforward.dll should be unique. The paths should match the ones that you created
  previously. Again, there should be a unique path for each virtual website.
  Example:
  D:\WebLogicVHosts\vhost1-svmhome.com\iisforward.dll
  D:\WebLogicVHosts\vhost2-svmwork.com\iisforward.dll
  D:\WebLogicVHosts\vhost3-svmmemphis.com\iisforward.dll
  On the App Mappings tab, click the Add button to add file types and configure
  them to be proxied to WebLogic Server. In the dialog box, browse to find the
  "iisproxy.dll" file that matches the path to the unique iisproxy.dll file for
  the virtual host.
  Example:
  D:\WebLogicVHosts\vhost1-svmhome.com\iisproxy.dll
  D:\WebLogicVHosts\vhost2-svmwork.com\iisproxy.dll
  D:\WebLogicVHosts\vhost3-svmmemphis.com\iisproxy.dll
  Set the Extension to the type of file that you want to proxy to WebLogic Server.
  Register .wlforward as a special file type to be handled by iisproxy.dll. Deselect
  the "Check that file exists" check box. Set the Method exclusions as needed
  to create a secure installation.
  When you finish, click the OK button to save the configuration. You can repeat
  this process for each file type you want to proxy to WebLogic. When you finish
  configuring file types, click the OK button to close the Properties panel.
  In the URL, any path information you add after the server and port is passed directly
  to WebLogic Server. For example, if you request a file from IIS with the URL:
  Example:
  http://svmhome.com/jspfiles/myfile.jsp
  it is proxied to WebLogic Server with a URL such as
  http://examplehost07:7001/jspfiles/myfile.jsp
  8.2 Proxying by path
  Now, within the iisproxy.dll file for each virtual host, define the property WlForwardPath
  in iisproxy.ini. WlForwardPath defines the path that is proxied to WebLogic
  Server.
  Example:
  WlForwardPath=/apps
  Set the PathTrim parameter to trim off the WlForwardPath when necessary.
  Example:
  WlForwardPath=/apps
  PathTrim=/apps
  The previous trims a request from IIS to Weblogic Server. Therefore, /apps/exampleapp
  is changed to /exampleapp.
  If you want requests that do not contain extra path information (in other words,
  requests containing only a host name), set the DefaultFileName parameter to the
  name of the welcome page of the Web Application to which the request is being
  proxied. The value of this parameter is appended to the URL.
  If you need to debug your application, set the Debug=ON parameter in iisproxy.ini.
  A c:\tmp\iisforward.log is generated containing a log of the plug-in's activity
  that you can use for debugging purposes.
  For each virtual host that you configure to be proxied to WebLogic, set the value
  for the Application Protection option to high (isolated) as opposed to Low or
  Medium. This allows separate iisforward and iisproxy DLL’s to be loaded into
  each virtual hosts (dllhost.exe) memory address space.
  END OF EXCERPT
  Can someone at BEA verify this information or possible add to it?
  Tony

  Nice write-up.
  Though, I may have found an easier way to use VirtualHost and/or Virtual
  Directories with IIS without the need to use the iisforward.dll.
  A lot of customers are asking about using multiple WlForwardPath to proxy to
  different WebLogic instances. It is possible to use Virtual Directories to
  do this.
  All that you need to do is set the Application Protection to HIGH for each
  Virtual Directory
  and then each directory can use it's own iisproxy.dll/iisproxy.ini. Fairly
  straight forward and it seems to
  work.
  As well, you can do Virtual Websites with each one having the application
  protection set to HIGH as well. And of course they will each use their own
  iisproxy.dll/iisproxy.ini. These virtual Websites can also all listen on
  the
  same IP/Port and if you want to proxy based on Host header, you can click on
  the advanced tab and set the Host header for which this virtual website will
  use.
  So, all that really needs to be done is when you create the virtual
  directory, make sure the
  application protection is set to HIGH and change the App Mapping to point to
  the new iisproxy.dll/iisproxy.ini.
  If you want to proxy everything under that path, then Add another App
  Mapping
  that has an extension of *.
  I do believe this will allow us to completely bypass the need of the
  iisforward.
  I have tested this with IIS5. With IIS4 it is not possible to register an
  App Mapping of *(not sure why).
  I hope this helps many of you.
  Best regards,
  Eric
  "Tony Mendoza" <[email protected]> wrote in message
  news:[email protected]...
  >
  Can someone give a detailed description of how IISForward and IISProxyinteract
  with IIS as ISAPI modules? We have the IIS plugins functioning properly,we would
  just like a more detailed explanation on how they interact and worktogether when
  proxying multiple virtual hosts. It seems that many people are in thedark on
  this process, and that any clarification would alleviate many of the postswe
  see here. I would also settle for a link to some documentation (notBEA's, it
  is very poor!) on this.
  Here is an excerpt from some documentation that we have written upinternally
  that helped us keep track of what we were doing when setting up the IISPlugins.
  Some of this content draws from BEA's documentation so we here atServicemaster
  make no claims on this content:
  START OF EXCERPT:
  6. Configuring IISForward
  6.1 Installing iisforward.dll
  Before creating the Virtual hosts in IIS, we need to create thedirectories that
  are going to contain the DLL's. There is going to be a one-to-onerelationship
  between Virtual Hosts and DLL directories. First create a directory whereall
  of the DLL directories will reside:
  D:\WebLogicVHosts
  Within this directory create the directory for each Virtual Host that willbe
  connecting to the WebLogic instance:
  D:\WebLogicVHosts\vhost1-svmhome.com
  D:\WebLogicVHosts\vhost2-svmwork.com
  D:\WebLogicVHosts\vhost3-svmmemphis.com
  Now copy the iisforward.dll from the directory WL_HOME/server/bin intoeach of
  the directories you created for each of the Virtual Hosts.
  6.2 Creating iisforward.ini
  Create a file called iisforward.ini. Place this file in the samedirectories for
  each of the virtual hosts that contain the iisforward.dll. This fileshould contain
  the following entry for each virtual website defined in IIS:
  vhostN=websiteName:port
  websiteName:port=dll_directory/iisproxy.ini
  Where:
  N is an integer representing the virtual website. The first virtualwebsite you
  define should use the integer 1 and each subsequent website shouldincrement this
  number by 1.
  websiteName is the name of the virtual website as registered with IIS.
  port is the port number where IIS listens for HTTP requests.
  dll_directory is the path to the directory you created in step 1.
  For example:
  vhost1=svmhome.com:7001
  svmhome.com:7001=D:\WebLogicVHosts\vhost1-svmhome.com \iisproxy.ini
  vhost2=svmwork.com:7002
  svmwork.com:7002= D:\WebLogicVHosts\vhost2-svmhome.com \iisproxy.ini
  vhost3=svmmemphis.com:7003
  svmmemphis.com:7003= D:\WebLogicVHosts\vhost3-svmmemphis.com \iisproxy.ini
  7. Configuring IISProxy
  7.1 Installing IISProxy
  Now copy the iisproxy.dll from the directory WL_HOME/server/bin into eachof the
  directories you created for each of the Virtual Hosts.
  D:\WebLogicVHosts\vhost1-svmhome.com
  D:\WebLogicVHosts\vhost2-svmwork.com
  D:\WebLogicVHosts\vhost3-svmmemphis.com
  7.2 Creating iisproxy.ini
  The iisproxy.ini file contains name=value pairs that define configurationparameters
  for the plug-in. Changes in the parameters will not go into effect untilyou
  restart the "IIS Admin Service".
  We need to create a iisproxy.ini configuration file for each of thevirtual hosts.
  Here is a sample iisproxy.ini file for use with a single, non-clusteredWebLogic
  Server. Comment lines are denoted with the "#" character.
  # This file contains initialization name/value pairs
  # for the IIS/WebLogic plug-in.
  WebLogicHost=examplehost16
  WebLogicPort=7001
  ConnectTimeoutSecs=20
  ConnectRetrySecs=2
  Here is a sample iisproxy.ini file with clustered WebLogic Servers.Comment lines
  are denoted with the "#" character.
  # This file contains initialization name/value pairs
  # for the IIS/WebLogic plug-in.
  WebLogicCluster=examplehost07:7001,examplehost08:7001
  ConnectTimeoutSecs=20
  ConnectRetrySecs=2
  8. Configuring IIS Virtual Hosts
  8.1 Proxying by file extension
  At this point we are now ready to configure the virtual hosts within IIS.First
  create a new virtual website as you would normally do within IIS. Secondadd
  the iisforward.dll file as a filter service in IIS (WebSite Properties ->ISAPI
  Filters tab -> Add the iisforward dll). For each virtual host the pathto the
  iisforward.dll should be unique. The paths should match the ones that youcreated
  previously. Again, there should be a unique path for each virtualwebsite.
  >
  Example:
  D:\WebLogicVHosts\vhost1-svmhome.com\iisforward.dll
  D:\WebLogicVHosts\vhost2-svmwork.com\iisforward.dll
  D:\WebLogicVHosts\vhost3-svmmemphis.com\iisforward.dll
  On the App Mappings tab, click the Add button to add file types andconfigure
  them to be proxied to WebLogic Server. In the dialog box, browse to findthe
  "iisproxy.dll" file that matches the path to the unique iisproxy.dll filefor
  the virtual host.
  Example:
  D:\WebLogicVHosts\vhost1-svmhome.com\iisproxy.dll
  D:\WebLogicVHosts\vhost2-svmwork.com\iisproxy.dll
  D:\WebLogicVHosts\vhost3-svmmemphis.com\iisproxy.dll
  Set the Extension to the type of file that you want to proxy to WebLogicServer.
  Register .wlforward as a special file type to be handled byiisproxy.dll. Deselect
  the "Check that file exists" check box. Set the Method exclusions asneeded
  to create a secure installation.
  When you finish, click the OK button to save the configuration. You canrepeat
  this process for each file type you want to proxy to WebLogic. When youfinish
  configuring file types, click the OK button to close the Properties panel.
  In the URL, any path information you add after the server and port ispassed directly
  to WebLogic Server. For example, if you request a file from IIS with theURL:
  >
  Example:
  http://svmhome.com/jspfiles/myfile.jsp
  it is proxied to WebLogic Server with a URL such as
  http://examplehost07:7001/jspfiles/myfile.jsp
  8.2 Proxying by path
  Now, within the iisproxy.dll file for each virtual host, define theproperty WlForwardPath
  in iisproxy.ini. WlForwardPath defines the path that is proxied toWebLogic
  Server.
  Example:
  WlForwardPath=/apps
  Set the PathTrim parameter to trim off the WlForwardPath when necessary.
  Example:
  WlForwardPath=/apps
  PathTrim=/apps
  The previous trims a request from IIS to Weblogic Server. Therefore,/apps/exampleapp
  is changed to /exampleapp.
  If you want requests that do not contain extra path information (in otherwords,
  requests containing only a host name), set the DefaultFileName parameterto the
  name of the welcome page of the Web Application to which the request isbeing
  proxied. The value of this parameter is appended to the URL.
  If you need to debug your application, set the Debug=ON parameter iniisproxy.ini.
  A c:\tmp\iisforward.log is generated containing a log of the plug-in'sactivity
  that you can use for debugging purposes.
  For each virtual host that you configure to be proxied to WebLogic, setthe value
  for the Application Protection option to high (isolated) as opposed to Lowor
  Medium. This allows separate iisforward and iisproxy DLL's to be loadedinto
  each virtual hosts (dllhost.exe) memory address space.
  END OF EXCERPT
  Can someone at BEA verify this information or possible add to it?
  Tony