URL Prefix in a reverse proxy scenario

Similar Messages

• Simple URLs only on reverse proxy?

  Hello all,
  Is there any big impact of having DNS entries for the simple URLs only pointing to the reverse proxy (including for internal clients)? In particular for the meet URL? Would that change the traffic flow for internal users in conferences?
  In my situation we don't have split-blain DNS, we have a trick to hide DNS records to external users so automatic sign-in is fine, but we cannot have one IP for internal and a different one for external for the same FQDN. That is why I am thinking of having
  simple URLs pointing to the reverse proxy for both internal and external access.
  Thanks,
  Gael

  It might be a heavier load on your reverse proxy, but should work fine.  Internal users joining conferences are already logged in via clients that understand they're internal and should connect accordingly.
  The bigger question is lyncdiscoverinternal, are you going to populate it in your DNS?  Or try with lyncdiscover only?  If it resolves, you might get delays from external clients trying to authenticate.  If it's not, then an internal client
  may connect through the edge.  What I've attempted here is to create a pinpoint zone for lyncdiscoverinternal.sipdomain.com with a blank A records that point to the pool.  Then allow access to that "zone" from internal networks only. 
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Reverse Proxy question

  Hi,
  I'm using the Sun Webserver 7 and my aim is to allow for some URLs to be reverse proxied into a different server altogether. e.g.
  http://xyz.com/test/something.do --> http://abc.com/test/something.do and
  http://xyz.com/test/images/123.jpg --> http://abc.com/test/images/123.jpg
  Notice that the targetURL is essentially similar to the first one with the difference in domain.
  1) The reason I have the /test/ in the target URL is because from what I have observed (and I have used the Webserver console only) if I had to map /test -> http://abc.com/ in the Reverse proxy then it looks like it adds the /test as well which I'd probably not like to have but its something I can live with.
  2) Considering security, I don't want to reverse proxy all of http://abc.com/ but just the http://abc.com/test/ - the issue here though is the /test/. When I set the Reverse Proxy setting to map /test/ to http://abc.com/test/ I get an error during the re-deployment saying
  set-origin-server reports: CORE7706: invalid URL: http://abc.com/test/ [there is a test directory in the docroot and I also created a simple index.jsp in it to be sure]
  When I try with other existing URLs also http://abc.com/images/ I get the same error. So I'm going to assume only the server is expected here and nothing more. Is there a way around that? I see some people mention more specific URLs in their forum posts and wanted to know if there is something I'm missing.
  Thanks for any input.

  Hi,
  I'm using the Sun Webserver 7 and my aim is to allow for some URLs to be reverse proxied into a different server altogether. e.g.
  http://xyz.com/test/something.do --> http://abc.com/test/something.do and
  http://xyz.com/test/images/123.jpg --> http://abc.com/test/images/123.jpg
  Notice that the targetURL is essentially similar to the first one with the difference in domain.
  1) The reason I have the /test/ in the target URL is because from what I have observed (and I have used the Webserver console only) if I had to map /test -> http://abc.com/ in the Reverse proxy then it looks like it adds the /test as well which I'd probably not like to have but its something I can live with.
  You might want to check out pre defined variables and regular expression pattern matching within our product (which provides lot more options than what is possible through the console)
  http://download.oracle.com/docs/cd/E19146-01/821-1827/gdaer/index.html
  For example, I would do some thing like
  a) manually edit the obj.conf or <vs>-obj.conf depending on your configuration
  <Object name="default">
  <If $urlhost =~ "/xyz.com" and $uri =~ "/test/(.*)" >
  <If not $security>
  NameTrans fn=rewrite from="http://abc.com/$1"
  <Else>
  NameTrans fn=rewrite from="https://abc.com/$1"
  </Else>
  </If>
  <If>
  ... rest of the directives..
  </If>
  </Object>
  2) Considering security, I don't want to reverse proxy all of http://abc.com/ but just the http://abc.com/test/ - the issue here though is the /test/. When I set the Reverse Proxy setting to map /test/ to http://abc.com/test/ I get an error during the re-deployment saying
  set-origin-server reports: CORE7706: invalid URL: http://abc.com/test/ [there is a test directory in the docroot and I also created a simple index.jsp in it to be sure]
  ( I believe you shouldn't be using the trailing slash (it should have been http://abc.com/test
  When I try with other existing URLs also http://abc.com/images/ I get the same error. So I'm going to assume only the server is expected here and nothing more. Is there a way around that? I see some people mention more specific URLs in their forum posts and wanted to know if there is something I'm missing.
  In the reverse proxy scenario, can you try this ( you probably do not need my earlier ones too.. )
  <Object name="default">
  <If not $internal and $urlhost =~ "xyz.com">
  NameTrans fn=map from="/test" to=http://abc.com/$1" rewrite-host=true # note: you could also add the name="..." option to this line and associate this map to say uri-/test object etc..
  </If>
  <If>
  ... rest of the directives..
  </Object>
  <Object name="uri-/test">
  </Object>

• Sun Web server 6.1 SP9 Reverse proxy - Changing Web Server Context

  I am trying to configure a Reverse Proxy such that it can change the context of the requested URL.
  My SOWS reverse proxy plug-in is running on server server1.sample.com and the destination server is running on server2.sample.com. The use case, the incoming URL is [|http://server1.sample.com/dummy1/]...... and I need to map this to {color:#0000ff}http://server2.sample.com/*dummy2*/.....;{color} It looks like the reverse proxy only maps to a server level but disregards the context. The reason I say that, in the server 2 logs I see - .... trying to GET /dummy1....; I needed the call to look for dummy2 context. Can this be done?

  well, web server uri processing does not understand web application level context (in terms of java web applications). however, if you would like to map all uri's ending with /dummy1 to go to /dummy2, then you can easily do this with web server 7 regular express processing
  http://blogs.sun.com/elving/entry/mass_virtual_hosting_in_7
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  besides web server 7 includes a very tightly integrated reverse proxy unlike 6.1 where you need reverse proxy as a separate plugin. so, you might want to check out if ws7 can serve your needs
  - sriram

• Enterprise portal access using reverse proxy using Apache and webdispatcher

  Hi Guys,
  As requirement, we need to give solution to customer about Reverse proxy scenario. I am new to this part.
  What we have think of to use Apache and Web dispatcher.
  I tried to search documents and found some sdn links also but still i am not comfortable to go about.
  Need suggestion and document if anyone has used so far.reverse proxy.
  As basis person, we need to do all ( Apache installation, Apache configuration, Web dispatcher installation and configuration, integration with EP.)
  It will helpful to me if i can get Apache installation, Apache configuration part and integration with EP, or web dispatcher, configuration etc.
  Thanks,
  Deepak

  We used Netscaler for Reverse Proxy implementation and can assure you that network team performed most of the set ups. This was on EP 7.01.
  From BASIS stand point it would be primarily Web Dispatcher Configuration.
  Also refer the links I specified in another thread. There are several scenarios discussed there -
  Re: Post values for userid and passowrd fields in logon page
  http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
  ~ Dhanz

• How to disable hostname verification on iplanet reverse proxy

  I am looking for a way to disable hostname verification of the application server url specified in teh reverse proxy setup.
  I am using the following setting in my Object definitions. It is failing due to the certificate CN is not matching the url I specified
  The error is :
  for host xx.yy.zz.ww trying to GET /uri/loginAction.do, service-http reports: HTTP7758: error sending request (SSL_ERROR_BAD_CERT_DOMAIN: Requested domain name does not match the server's certificate.)
  Route fn="set-origin-server" server="https://bbb.com:7002/" poll-timeout="20000" retries="2"
  My tomcat certificate CN has  aaa.com
  While I am using the tomcat on bbb.com.
  Is there any way to disable hostname verification on a reverproxy setup. I am unable to find any relevant documentation on this.
  The closest discussion I found was https://forums.oracle.com/thread/1943116 but it did not conclude anything.

  Found a solution from Oracle Knowledge base:
  This fixed our issue
  <Object name="reverse-proxy-/abc">
  ObjectType fn="ssl-client-config" validate-server-cert="false"
  Route fn="set-origin-server" server="https://server1.test.com:11011" server="https://server2.test.com:11011"
  </Object>

• Publish Lync Externally without Reverse Proxy

  Hello All,
       Well let me start out by saying I'm well aware that publishing lync externally without a reverse proxy is not suggested due to security measures. To get to the point I have the following questions regarding setting this up. As of right now
  I have lync fully working internally only. 
  Here is my current setup
  1 standard front end server with one nic card that has two ip addresses assigned to it and is signed with our internal CA,
  I also have an edge server that has two interfaces. One interface is facing external with three public IP addresses with the AV one set as the primary, This interface has a public UC cert applied to it. The other interface is using a private ip address that
  has a cert from our internal CA.
  My questions are as follow
  1. I currently have a GoDaddy UCC cert that allows me to have 5 San's. I'm trying to maximize this cert but am unsure of how to configure the SAN's. Which sans should be on the certificate so that I can use it for the edge server (av.domain.com/webconf.domain.com/access.domain.com)
  and lync front end external cert (lync.domain.com and meet.domain.com). I also have a wildcard cert from GoDaddy for *.domain.com however I can not attach SAN's to it I was wondering if this could be used for meet.domain.com or autodiscover.domain.com?
  2. Regarding external DNS entries so far I have the following:
  webconf.domain.com -> to the ip for webconf on edge server public interface
  av.domain.com -> to the ip for av on edge server public interface
  access.domain.com -> to the IP for the access on edge server public interface
  lync.domain.com -> to the IP configured for external access on the lync front end server ( I have configured IIS on this site to listen to port 80 and 443 as stated in Ken Lasko's blog post)
  meet.domain.com -> to the IP configured for external access on the lync front end server
       Now my question is do i need to add the autodiscover.domain.com and if so where do I point this entry to? Also can how can I configure this setup to work with lync mobile device. 

  As for the Reverse proxy if going that route:
  External DNS
  lyncdiscover.domain.edu -
  Point to Reverse Proxy Public IP
  lync.domain.edu (this is used as our external webservices url) -
  Point to Reverse Proxy Public IP 
  meeting.domain.edu (/meet and /dialin for the simple url's) - Point to Reverse Proxy Public IP
  sip.domain.edu (this is currently pointing to our external edge server access ip) - Correct
  av.domain.edu (this is currently pointing to our external edge server av ip) - Correct 
  webcon.domain.edu (this is currently pointing to our external edge server webconf ip)  - Correct
  Internal DNS
  You should setup Split DNS or pinpoint zones as meet/Lyncdiscover/sip/dialin records should be created for the domain.edu: http://technet.microsoft.com/en-us/library/gg398758.aspx
  Lyncdiscover.domain.edu - Not required Internally but should point to the private IP (external interface) of the Reverse
  proxy to direct 443 to 4443.
  lync.domain.edu -Point
  to the private IP (external interface) of the Reverse proxy to direct 443 to 4443
  Lyncdiscoverinternal.edu - pointed to front end server ip
  meeting.domain.edu - pointed to front end server ip
  lgcclync2013.domain.cc (this is our FE server) - pointed to our front ender server ip  - correct
  Cisco ASAs don't allow hair-pining of the firewall this is why the internal dns needs to have the lync.domain.edu pointing to an internal IP that can redirect 443 to 4443
  (reverse proxy) instead of pointing to the Public IP of the reverse proxy: http://technet.microsoft.com/en-us/library/hh690030.aspx
  Hi Michael,
       Thank you for all your help. I've set up and configured both the external dns and the IIS ARR, but now I'm running into an error when I try to connect any of the following sites https://lyncdiscover.domain.edu, https://meeting.domain.com,
  https://lync.domain.edu I get an Internal 500 error. When I check the Microsoft Remote Connectivity Analyzer under
  Lync Autodiscover Web Service Remote Connectivity Test I get the following error
  Testing HTTP authentication methods for URL https://lyncdiscover.domain.edu/Autodiscover/AutodiscoverService.svc/root/user.
  HTTP authentication test failed.
  Additional Details
  An HTTP 500 response was returned from IIS7.
  Headers received:
  Content-Length: 1208
  Content-Type: text/html
  Date: Wed, 01 Jan 2014 14:56:12 GMT
  Server: Microsoft-IIS/8.0
  Elapsed Time: 286 ms.
  I created 3 server farms on the IIS ARR sever
  Lync.domain.edu which is being directed to lgcclync2013.domain.cc ports 8080 and 4443 LyncDiscover.domain.edu which is being directed to lgcclync2013.domain.cc ports 8080 and 4443                      
                                meeting.domain.edu which is being directed to lgcclync2013.domain.cc ports 8080 and 4443 When I ping lgcclync2013.domain.cc from the IIS Server it resolved
  correctly to the right IP address.

• Reverse Proxy behind a gateway

  hi ,
  I want to put a reverse Proxy behind the gateway. All the access Manager and the portal are behind the reverse proxy.Kindly, send me some steps on how to configure gateway to achieve this deployment.
  thanks in advance
  dhawanmayur

  Hi ,
  Below steps might help you.
  Edit Platform.conf file of the gateway and set the following properties as follows
  * gateway.enable.accelerator = true
  * gateway.enable.customURl = true
  * Append the reverse-proxy server hostname to the gateway.virtualhost property
  * gateway.httpsurl = https://<reverse-porxy-host>:<reverse-proxy-host-no>/
  Note: Don't miss the Fwd slash "/" at the end of the portNo: in https://hostname.india.sun.com:500/ <--
  After that you might have to do URL mapping on the reverse proxy that you are using.

• Changing URL path or prefix for Java Systems for Reverse Proxying

  I am running an Apache Reverse Proxy for multiple systems including Enterprise Portal and GRC.  Unfortunately, the two systems share the same directory structure (e.g. /webdynpro, /images, /logon, /useradmin, /VC).  The reverse proxy won't be able to differentiate URLs for the two systems.
  I want to add a prefix (e.g. /grc/webdynpro) or change the URL directories (e.g. /grcwebdynpro) for Portal or GRC.  How can I do this?

  Thank you for the reply, but could you explain?  It seems like this wiki is suggesting how to change the default port and start URL and how to configure reverse proxies in general.  It doesn't seem to answer the specific question that I have.
  I need to add or modify the URL so that it is unique to the reverse proxy.  For example, EP and GRC both use /webdynpro.  I would like one of them to use a completely different structure (e.g. /grc/webdynpro) so that the reverse proxy can differentiate requests to different hosts.
  The reason why changing the Start URL doesn't seem like the answer is because the fundamental directory structure is still the same.  The reverse proxy won't be able to differentiate the different requests because of this.
  I am looking for some kind of configuration that lets me add a prefix to the entire web application server.  Is anyone aware of this configuration or know of an alternative solution?

• How do I use Sun Web Server 7.0u1 reverse proxy to change public URLs?

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)
  for hosting some of the public resource and reverse-proxying other parts
  of the URI namespace from other backend servers (content, application
  and other types of servers).
  So far every type of backend server served a unique part of the namespace
  and there was no collision of names, and the backend resources were
  published in a one-to-one manner. That is, a backend resource like, say,
  http://appserver:8080/content/page.html would be published in the internet
  as http://www.publicsite.com/content/page.html
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.
  Another quest, possibly related in solution, was to make a tidy url for the
  first page the user opens of the site. That is, in the current solution when
  a visitor types the url "www.publicsite.com" in his or her browser, our web
  server returns an HTTP-302 redirect to the actual first page URL, so the
  browser sends a second request (and changes the URL in its location bar).
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  So far I found that I can't solve these problems. I believe these problems
  share a solution because it relies on ability to control the actual URI strings
  requested by Sun Web Server from backend servers.
  Some details follow, now:
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  [04/Mar/2009:21:45:34] finest (25095) www.publicsite.com: for host xx.xx.xx.83
  trying to GET /content/MainPage.html while trying to GET /test, func_exec reports:
  fn="service-passthrough" rewrite-host="true" rewrite-location="true"
  servers="http://10.16.2.127:8080" Directive="Service" DaemonPool="2b1348"
  returned 0 (REQ_PROCEED)My obj.conf file currently has simple clauses like this:
  # this causes /content/* to be taken from another (backend) server
  NameTrans fn="assign-name" from="/content" name="content-test" nostat="/content"
  # this causes requests to site root to be HTTP-redirected to a certain page URI
  <If $uri =~ '^/$'>
      NameTrans fn="redirect"
          url="http://www.publicsite.com/content/MainPage.html"
  </If>
  <Object name="content-test">
  ### This maps http://public/content/* to http://10.16.2.127:8080/content/*
  ### Somehow the desired solution should instead map http://public/data/* to http://10.16.2.127:8080/content/*
      Service fn="service-passthrough" rewrite-host="true" rewrite-location="true" servers="http://10.16.2.127:8080"
      Service fn="set-variable" set-srvhdrs="host=www.publicsite.com:80"
  </Object>
  I have also tried "restart"ing the request like this:
      NameTrans fn="restart" uri="/data"or desperately trying to set the new request uri like this:
      Service fn="set-variable"  uri="/magnoliaPublic/Main.html"Thanks for any ideas (including a statement whether this can be done at all
  in some version of Sun Web Server 7.0 or its opensourced siblings) ;)
  //Jim

  Some of our installations use the Sun Web Server 7.0 (update 1, usually)please plan on installing the latest service pack - 7.0 Update 4. these updates addresses potentially critical bug fixes.
  I was recently asked to research whether we can rename some parts of
  the public URI namespace, to publish some or all resources as, say,
  http://www.publicsite.com/data/page.html while using the same backend
  resources.> now, if all the resources are under say /data, then how will you know which pages need to be sent to which back end resources. i guess, you probably meant to check for /data/page.html should go to <back-end>/content/page.html
  yes, you could do something like
  - edit your corresponding obj.conf (<hostname>-obj.conf or obj.conf depending on your configuration)
  <Object name=¨default¨>
  <If $uri = ¨/page/¨>
  #move this nametrans SAF (for map directive - which is for reverse proxy within <if> clause)
  NameTrans.. fn=map
  </If
  </Object>
  and you could do https-<hostname>/bin/reconfig (dynamic reconfiguration) to check out if this is what you wanted. also, you might want to move config/server.xml <log-level> to finest and do your configuration . this way, you would get enough information on what is going on within your server logs.
  finally,when you are satisfied, you might have to run the following command to make your manual change into admin config repository.
  <install-root>/bin/wadm pull-config user=admin config=<hostname> <hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  you might want to check out this for more info on how you could use <if> else condition to handle your requirement.
  http://docs.sun.com/app/docs/doc/820-6599/gdaer?a=view
  finally, you might want to refer to this doc - which explains on ws7 request processing overview. this should provide you with some pointers as to what these different directives mean
  http://docs.sun.com/app/docs/doc/820-6599/gbysz?a=view
  >
  One customer said that it is not "tidy". They don't want the URL to change
  right upon first rendering the page. They want the root page to be rendered
  instantly i the first HTTP request.
  please check out the rewrite / restart SAF. this should help you.
  http://docs.sun.com/app/docs/doc/820-6599/gdada?a=view
  pl. understand that - like with more web servers - ordering of directives is very important within obj.conf. so, you might want to make sure that you verify the obj.conf directive ordering is what you want it to do..
  It seems that the reverse proxy (Service fn="service-passthrough") takes
  only the $uri value which was originally requested by the browser. I didn't
  yet manage to override this value while processing a request, not even if
  I "restart" a request. Turning the error log up to "finest" I see that even
  when making the "service-passthrough" operation, the Sun Web Server
  still remembers that the request was for "/test" (in my test case below);
  it does indeed ask the backend server for an URI "/test" and that fails.
  now, you are in the totally wrong direction. web server 7 includes a highly integrated reverse proxy solution compared to 6.1. unlike 6.1, you don´t have to download a separate plugin . however, you will need to manually migrate your 6.1 based reverse proxy settings into 7.0. please check out this blog link on how to set up a reverse proxy
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  feel free to post to us if you need any futher help
  you are probably better off - starting fresh
  - install ws7u4
  - use gui or CLI to create a reverse proxy and map one on one - say content
  http://docs.sun.com/app/docs/doc/820-6601/create-reverse-proxy-1?a=view
  if you don´t plan on using ws7 integrated web container (ability to process jsp/servlet), then you could disable java support as well. this should reduce your server memory footprint
  <install-root>/bin/wadm disable-java user=admin config=<hostname>
  <install-root>/bin/wadm create-reverse-proxy user=admin uri-prefix=/content server=<http://your back end server/ config=<hostname> --vs=<hostname>
  <install-root>/bin/wadm deploy-config --user=admin <hostname>
  now, you can check out the regular express processing and <if> syntax from our docs and try it out within <https-<hostname>/config/<hostname>-obj.conf> file and restart the server. pl. note that once you disable java, ws7 admin server creates <vs>-obj.conf and you need to edit this file and not default obj.conf for your changes to be read by server.
  >
  I have also tried "restart"ing the request like this:
  NameTrans fn="restart" uri="/data"
  ordering is very important here... you need to do this some thing like
  <Object name=default>
  <If not $restarted>
  NameTrans fn=restart uri from=/¨ uri=/foo.
  </If>

• IIS Reverse Proxy with URL rewrite.

  Hi all, hoping to leverage the wealth of knowledge contained here.
  Any assistance would be very welcome.
  I'm having an issue getting a reverse proxy and URL rewrite working in IIS 7.0.
  I need to redirect all requests with a specific virtual directory suffix only.
  ie; https://domain.test.com/outbound/Content/query_etc
  With /Outbound/ being the trigger.
  This should be redirected to http://10.10.10.10/inbound/Content/query_etc
  While at the same time, requests without the /outbound/ suffix should be handled locally.
  I have configured the reverse proxy as described in a few articles, and have had no luck.
  Here's a snippet from my (sanitized) web.config at the site level.
  <rewrite>
  <outboundRules>
  <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
  <match filterByTags="A" pattern="^http(s)?://10.10.10.10/inbound/(.*)" />
  <action type="Rewrite" value="https://domain.test.com/outbound/{R:2}" />
  </rule>
  <preConditions>
  <preCondition name="ResponseIsHtml1">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
  </preCondition>
  </preConditions>
  </outboundRules>
  <rules>
  <rule name="ReverseProxyInboundRule1" stopProcessing="true">
  <match url="^outbound/(.*)" />
  <action type="Rewrite" url="http://10.10.10.10/inbound/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
  </rule>
  </rules>
  </rewrite>
  To me, this looks correct, yet it doesn't work.
  With this, I get the normal 404 - Error Code 0x80070002, with the text indicating the local directory doesn't exist, so.... not being picked up by the filter for redirection.

  Hi Andrew,
  Looking at your requirements it appears you need Reverse Proxy To Another Site/Server.
  By using URL Rewrite Module together with
  Application Request Routing module you can have IIS 7 act as a
  reverse proxy.
  It seems like URL Rewrite can't re-route the request somewhere else out of the server.
  Even when you rewrite the url the actual connection remains with the server. Hence if your original server doesn't have /inbound/Content/query_etc  it will fail with 404.
  Hosting multiple domain names under a single account using URL Rewrite.
  It’s a common desire to have a single IIS website that handles multiple sites with different domain names.
  References:
  How to create a url alias using IIS URL Rewrite:
  http://blogs.technet.com/b/mspfe/archive/2013/11/27/how-to-create-a-url-alias-using-iis-url-rewrite.aspx
  Reverse Proxy with URL Rewrite v2 and Application Request Routing:
  http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• How to configure SharePoint HNSC with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.

  Could you please let me know how SharePoint HNSC can be configured with a reverse proxy server so that HNSC Share Point URLs are not exposed to end users.
  In normal path based site collections/web applications, reverse proxy configuration can be done using alternate access mappings with  Public URL = "proxy URL", internal = "HNSC Share Point URL" so that share point sends response back
  to Public URL = "proxy URL".
  In Host Named Site Collections,  alternate access mappings  are not supported. Each HNSC is designed to have only one URL in each zone. Zone is one of the five zones(Default,Intranet,Internet,Custom,Extranet) with each of which only one alternate
  URL is associated.  This is what we are able to get using power shell command "Set-SPSiteUrl", but this will not help us to get the response back to proxy URL after a request sent to share point because we could not find any mechanism in share
  point HNSC to respond  to a different URL(proxy URL). Consequently, Share Point URLs are exposed to  external users.
  Below share point article in MSDN blog is symmetrical to what we are observing with Share Point 2013 and Proxy Server. It mentions that internal HNSC URLs can’t be hidden using any proxy server. If  hiding the internal Share Point URLS is a requirement,
  it suggests to use a web application instead of host named site collections.
  Though I’m also observing the same behavior with Share Point 2013 HNSC, Could you please confirm my understanding is correct.
  http://blogs.msdn.com/b/kaevans/archive/2012/03/27/what-every-sharepoint-admin-needs-to-know-about-host-named-site-collections.aspx
  Excerpt from above article-
  "Host Named Site Collections Only Use One Host Name
  Continuing on the discussion on AAMs and host named site collections, you cannot use multiple host names to address a site collection in SharePoint 2010. Because host-named site collections have a single URL, they do not support alternate access mappings and
  are always considered to be in the Default zone.  This is important if you are using a reverse proxy to provide access to external users. Products like Unified Access Gateway 2010 allow external users to authenticate to your gateway and access a site
  as http://uag.sharepoint.com and forward the call to http://portal.sharepoint.com. Remember that URL rewriting is not permitted. Further, a site collection can only respond to one host name. This means if you are using a reverse proxy, it must forward the
  calls to the same URL.  If your networking team has a policy against exposing internal URLs externally, you must instead use web applications and extend the web application using an alternate access mapping."<u5:p></u5:p>

  Hi Satish,
  You are right that only one URL is allowed for each zone of the host-name site collections in both SharePoint 2010 and SharePoint 2013.
  It is by design that each host-name site collection only support one URL for each zone.
  The article below is about RTM version of SharePoint, and it is the same for SharePoint 2013 with the latest CU.
  https://support.microsoft.com/en-us/kb/2826457
  So to make the URL of HNSC not exposed to external users is not supported, you need to use path-based sites instead.
  Best regards.
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Apache reverse proxy and URL Iview

  Hi everybody,
  I'm trying to configure apache as reverse proxy to access my portal from extranet.
  The first problem I have is that I have to access a URL Iview that connect another internal application.
  ProxyPass /irj http://internaPortall/irj
  ProxyPassReverse /irj https://externalPortal/irj
  ProxyPass /irj http://internalApp/myApp
  ProxyPassReverse /irj https://externalApp/myApp
  In my portal the urlIview maps externalApp/myApp
  No problem to access my portal from extranet but I cannot get myApp.....
  Another point:
  I have configured SSL but if I try to connect
  https://externalPortal:8443/irj/
  apache redirects me to
  http://externalPortal/irj/
  Thanks a lot
  Massimiliano

  Hi,
  We are in a similiar situation. Can you please share the solution.
  Thanks...
  Vinay

• O-Portal behind reverse proxy, aliasing of o-portal url to generic url.

  I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
  How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
  I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
  Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
  Thanks,
  Rainer

  I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
  Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
  John Z
  Butler Mfg. Co.
  [email protected]

• Uwc behind a reverse proxy asks for internal urls

  Hi,
  I have an uwc on the msg store. I try to access it through a web reverse proxy, but after the login page which appeared allright, the url is transformed to a internal url which is invalid from the normal outside scope.
  Is this setting a possible one, as advertised or not at all. And what would be the workaround, if any.
  Thanks
  Fran�ois

  Dear Expert,
  Can i know how do you config the reserve proxy to work with the uwc?
  my network topology is:
  machine A: uwc (https://port:443) and MEM (https://port 80) (both are running SSL)
  machine B: Messaging Server (MTA and store)
  machine C: ldap and Identity server
  the login page is https://commexp/uwc , after login, it divide to two main session.
  Mail tab - https://commexp:80
  Other tab - https://commexp/uwc
  How can i set the reverse proxy for this configuration?
  And which proxy are you using?
  Thanks a lot!
  Regards,
  Angus
  had the same problem, fix was -
  >
  >
  in Uwcauth.properties changes
  uwcauth.identity.login.url=http://bason.blah.com:81/am
  server/UI/Login
  AMconfig.properties changes
  com.sun.identity.server.fqdnMap[bason.blah.com]=bason.
  blah.com
  with the hostname (bason.blah.com) being the *uwc
  server* with reverse proxy on it
  for some fun have a look at the url you are directed
  too - in particular the parameters on the url...
  can anyone say "SECURITY HOLE"?