Using reverse proxy and terminating ssl on them

Similar Messages

• Reverse proxy and iWS 6.1 SP2?

  Hey all,
  i have 2 questions.
  Can i use reverse proxy (and pass proxy) with iWS 6.1 SP2?
  How must i configure the webserver to use this?
  I need the following thing:
  Client called https://server111.de/XXXXTruePassApp/ ---> Proxy get Data from https://server222.de/XXXXTruePassAppProxy/
  Under Apache looks like that with mod_proxy:
  ProxyPass /eCaSSTruePassApp/ https://server222.de/XXXXTruePassAppProxy/
  ProxyPassReverse /eCaSSTruePassApp/ https://server222.de/XXXXTruePassAppProxy/
  Thanks for help.
  Greets Chmeee-de

  Chmeee-de, I really don't think you should be using Sun ONE Web Server 6.1SP2. That version has known security vulnerabilities. Please consider applying the latest service pack, 6.1SP7.
  Have you downloaded the Reverse Proxy Plugin? Have you tried reading the Reverse Proxy Plugin release notes? The release notes for Reverse Proxy Plugin 6.1SP7 are at http://docs.sun.com/app/docs/doc/820-0262/6nc0vpnc2?a=view.
  Once you have the plugin installed and have edited the magnus.conf configuration file according to the release notes, you can add the following line immediately below the <Object name="default"> line in the obj.conf configuration file:NameTrans fn="assign-name" from="/XXXXTruePassApp/*" name="XXXXTruePassApp"This line indicates that requests for /XXXXTruePassApp/* should be serviced by an object named XXXXTruePassApp.
  You can then create an object named XXXXTruePassApp by adding the following to the bottom of the obj.conf configuration file:<Object name="XXXXTruePassApp">
  Service fn="service-passthrough" servers="https://server222.de"
  </Object>

• Apache reverse proxy and SSL termination

  Hi Guru's
      Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
  I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
  should i maitain any property. is there any documentation for it.
  Please help me
  Tom

  The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
  You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
  what level I need to configure SSL and how do I proceed in both scenarios?
  Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
  how do I proceed in both scenarios?
  From a portal perspective, the configuration should remain the same.
  Do I have to install SSL at portal, web dispatcher or at Apache level?
  SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
  See the following for possible SSL implementation options:
  http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
  https://cw.sdn.sap.com/cw/docs/DOC-115509
  Will SSL termination work for scenario 2?
  Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
  However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
  I would recommend you to take a step by step (backward approach).
  First, enable SSL on your portal and make sure it works - going directly to the server.
  Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
  Finally - you can test the end to end flow - with your Reverse proxy involved.
  - Shanti

• Web Dispatcher - Reverse Proxy and Load Balancing

  I'm finding limited docs on Web Dispatcher with regard to reverse proxy and load balancing.  Are you aware of some recent presentations or docs in this area?  The info on help.sap.com is not what I'm looking for.
  Thanks.

  Hi,
  best thing is that you look at your scenarios and test the web dispatcher against each of it, like:
  - SSL
  - Portal only
  - Web Dynpro ABAP / Java
  - BSP
  - Different backend systems like SRM, MDM
  - Several backends with 1 Web Dispatcher
  After getting a list of use cases that you can test quite easily (installation of Web Dispatcher is done fast and can be done on a local PC), you can contact SAP Support and ask them about the specific problems and questions you encountered. This way, you'll get the official answer, sometimes they will even inform you about "secret" parameters and options.
  As of the reverse proxy functionality: there are several version of Web Dispatcher available that differ from the functionality offered. The latest version - 7.2 - is the one that offers the most, i.e. allows you to create rewrite rules like Apache.
  SAP Note 908097 - SAP Web Dispatcher: Released releases and applying patches
  br,
  Tobias

• Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

  Hi,
  I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.
  However, the reverse proxy seems to make only a handful of connections to the servers compared to the number incoming client connections and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing based on the first HTTP get in a tcp stream and not on a per transaction basis AND our reverse proxy is multiplexing client requests. However, I can not convince myself of how the arrowpoint-cookie method actually works.
  I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

  Hi Gilles,
  I have implemented this today, and we are still seeing issues with requests hitting the wrong server.
  A bit more info, the reverse proxy is an AXG Web Aopplication Firewall. I have been looking at this and am considering disabling connection re-use on here.
  However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?
  Thanks, David.

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>

• Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application

  Hi Expert,
  I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
  My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
  Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
  I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
  Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
  I would know if the NGINX must be used also for SMP 2.3.
  Any suggestion/information is appreciated.
  Thanks in advance
  g.

  Please see Agentry Network Landscapes

• Need in depth knowledge about Certficate request and install for Reverse proxy and CAS role

  Hi,
  I have few confusions about Exchange 2010/13 certificate request and install. As per my understanding best practise is to assign public CA certificate to Reverse proxy and Local CA certificate to CAS servers but need to know that what should be the format
  of certificate request? Do we need to order public certificate just for mail.domain.com and add SAN for other web services URLs and is it required to add CAS array and server names to this certificate ? In what case we will add server names and what will happen
  if we don't add in it ? How the outlook clients connecting from internet will be using this certificate? I have very limited knowledge in certificates and it always pisses me off. Please help me with explanations and articles. I tried to google and gone through
  many articles but didn't get a fair idea. Thanks in advacnce. :) 

  Hi,
  Here are my answers you can refer to:
  1. Use the New-ExchangeCertificate cmdlet to generate a new certificate request:
  New-Exchangecertificate -domainname mail.domain.com, autodiscover.domain.com -generaterequest:$true -keysize 1024 -path "c:\Certificates\xxxx.req” -privatekeyexportable:$true –subjectname "c=US o=domain.com, CN=server.domain.com"
  2. CAS array name doesn’t need to be added in the certificate:
  http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
  3. It depends on the situation that you configured to add the server name.
  4. Outlook clients use certificate for authentication.
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Why do we use reverse proxy for Oracle RAC Cluster setup

  Hello All,
               I got this question lately.. "why do we use reverse proxy for Oracle RAC Cluster setup". I know we use the reverse proxy at Middleware level for multiple security reasons.
  Thanks..

  "why do we use reverse proxy for Oracle RAC Cluster setup".
  I wouldn't. I wouldn't use a proxy of any sort for the Cluster Interconnect for sure.
  Cheers,
  Brian

• Where are my designs stored when using Adobe CC and can i access them if i cancel ?

  where are my designs stored when using Adobe CC and can i access them if i cancel ?

  This is answered in the CC FAQ: http://www.adobe.com/products/creativecloud/faq.html

• After I installed the Moare recording, the firefox can't connect to internet. BTW I used the proxy and it works fine in another browse.

  After I installed the Moare recording, the firefox can't connect to internet. It worked fine before I installed Moare.
  I used the proxy and it works fine in another browse.

  I can not find "Moare recording" on the internet. Please see the following thread for troubleshooting. [https://support.mozilla.org/en-US/questions/935081?esab=a&s=proxies&r=3&as=s following thread;]

• Issues in ssl configuration with apache server (using reverse proxy)

  Hi,
  I am able to use apache server as a reverse proxy to connect to Portal. When I enter the web server url as https://mywebserver.com, I am able to connect to the http url of the Portal. But the moment I try to connect to the https url of Portal with this https url, I am not able to connect to the Portal. Thus I am not able to use apache as a proxy server for https connections it makes. What must I do. I read that mod_proxy_connect needs to be used, but how do I use this?
  The second problem is that I need to use more than one kind of mapping.
  For example I must be redirected to the Portal even if I use http://webserver.com , or even if I use https://webserver.com or even if I use http://webserver.com/irj or https://webserver.com/irj or http://ipaddress-websserver/irj etc

  I have SSLCertificateFile and
  and SSLCertificateKeyFile .
  My problem is with regard to ssl/CertificateChainFile?
  what is this? Also how do I upload my J2EE Certificate into apache.
  The problem is with Apache handshake is not happening.
  I am forwarding the entire log during . I have put what I consider important in bold.Please have a look.
  <b>----
  </b>
  Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1769): OpenSSL: Handshake: start
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: before/connect initialization
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv2/v3 write client hello A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 7/7 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 16 03 01 04 1a 02                                ......           |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 0007 - <SPACES/NULS>
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 1048/1048 bytes from BIO#629160 [mem: 47855af] (BIO dump follows)
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 00 36 03 01 44 74 67 cb-38 b5 8e 42 3b 59 c3 6c  .6..Dtg.8..B;Y.l |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0010: 23 5c 07 d0 8b 24 89 89-11 2e 0d 80 ed 1a 06 ea  #
  ...$.......... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0020: 1d 10 b0 59 10 28 7c b4-02 cb d6 08 a8 e4 ea 5a  ...Y.(|........Z |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0030: e5 88 5c 5d 90 00 39 00-0b 00 01 cc 00 01 c9 00  ..
  ]..9......... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0040: 01 c6 30 82 01 c2 30 82-01 2b a0 03 02 01 02 02  ..0...0..+...... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0050: 04 36 0b 23 72 30 0d 06-09 2a 86 48 86 f7 0d 01  .6.#r0...*.H.... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0060: 01 04 05 00 30 14 31 12-30 10 06 03 55 04 03 13  ....0.1.0...U... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0070: 09 6c 6f 63 61 6c 68 6f-73 74 30 1e 17 0d 30 33  .localhost0...03 |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0080: 31 30 30 32 30 37 32 35-30 30 5a 17 0d 30 35 31  1002072500Z..051 |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0090: 30 30 32 30 37 32 35 30-30 5a 30 14 31 12 30 10  002072500Z0.1.0. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00a0: 06 03 55 04 03 13 09 6c-6f 63 61 6c 68 6f 73 74  ..U....localhost |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00b0: 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01  0..0...*.H...... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00c0: 05 00 03 81 8d 00 30 81-89 02 81 81 00 ef d6 ff  ......0......... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00d0: a6 39 e1 64 a5 d3 fb 16-de 4e ee 1d 81 84 31 bc  .9.d.....N....1. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00e0: e6 b7 96 07 3e 81 b9 94-d1 c1 e0 f9 00 3a 84 e8  ....>........:.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00f0: 7a 30 11 cd 41 26 d6 6c-95 90 93 95 17 e0 1a b7  z0..A&.l........ |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0100: 00 0f 59 33 7d 1d f3 a0-83 17 c5 f3 7e b3 ad ed  ..Y3}.......~... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0110: c9 60 ac af 9e 31 d2 ec-42 71 f9 c3 98 2e 93 f9  .`...1..Bq...... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0120: 9d c3 c4 3d b3 7d 9b 97-83 1c 6b bd c0 75 cc 96  ...=.}....k..u.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0130: dc b9 a0 1b 00 79 85 e4-19 1f 61 42 54 db 91 94  .....y....aBT... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0140: d8 1d 72 13 08 36 22 49-3b fb 05 dc 33 02 03 01  ..r..6"I;...3... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0150: 00 01 a3 21 30 1f 30 1d-06 03 55 1d 0e 04 16 04  ...!0.0...U..... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0160: 14 ed ed 02 af 94 13 59-1c 42 e6 69 40 e5 80 dd  .......Y.B.i@... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0170: a4 e9 33 91 02 30 0d 06-09 2a 86 48 86 f7 0d 01  ..3..0...*.H.... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0180: 01 04 05 00 03 81 81 00-2c 22 08 bd 71 b6 80 43  ........,"..q..C |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0190: 5a 2a 8b e8 62 34 b4 b4-84 8a 47 4b 97 5e bf dd  Z*..b4....GK.^.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01a0: 17 4c 0a 1c b7 0e cd c5-d1 cc d8 77 cd 38 10 ef  .L.........w.8.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01b0: 22 02 f0 02 7f a2 39 2b-53 eb 31 b6 18 49 37 a0  ".....9+S.1..I7. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01c0: 50 47 f2 34 ab 33 eb 5f-ec 5a f9 f7 53 5f 27 eb  PG.4.3._.Z..S_'. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01d0: 02 7f b4 28 3e e8 b1 c7-59 df 2c 93 25 c5 34 14  ...(>...Y.,.%.4. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01e0: 7a 34 7c 45 b4 eb 6b 34-93 26 98 51 37 d3 e6 b0  z4|E..k4.&.Q7... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01f0: 7f 83 e3 a9 04 d3 47 b3-3d de 43 57 27 45 82 c0  ......G.=.CW'E.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0200: 4d 48 bf c0 a7 2f 66 0c-0c 00 02 08 00 80 af 76  MH.../f........v |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0210: 1f f5 f6 48 a0 01 0f ed-55 4c 53 9a 7c 07 7a ba  ...H....ULS.|.z. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0220: c7 9d 77 e8 8b c7 66 8f-80 03 18 c5 1f 4f 2a a0  ..w...f......O*. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0230: 08 6f 9f e3 13 94 30 56-e7 2f 96 7c 26 97 ba 12  .o....0V./.|&... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0240: aa fd 3e 43 e1 46 c2 d1-32 94 56 45 52 c0 24 6f  ..>C.F..2.VER.$o |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0250: 38 e0 93 0f 3a f8 0a 7c-41 0e 4c 54 4f 5a 7e d4  8...:..|A.LTOZ~. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0260: 62 e6 71 cd a0 dc 1e 9b-17 e5 10 71 3c 9d c6 39  b.q........q<..9 |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0270: 05 50 b6 15 37 0b 68 4f-24 50 74 47 13 1c 74 d8  .P..7.hO$PtG..t. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0280: 81 27 81 71 3a 4a c5 26-7d b8 e6 21 b3 d9 00 80  .'.q:J.&}..!.... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0290: 4f 6f 5d e6 2d dc 77 46-e6 77 b1 94 3d 65 5b b0  Oo].-.wF.w..=e[. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02a0: 3d 39 7a 6c a2 c7 0b e3-27 08 fa 48 8d 75 1a fe  =9zl....'..H.u.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02b0: 32 e6 13 d1 31 65 7d d5-11 34 21 78 38 d1 11 fb  2...1e}..4!x8... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02c0: ea 59 8e 24 79 5a 4b c2-f7 98 22 51 9f a7 4d 2b  .Y.$yZK..."Q..M+ |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02d0: 15 98 fe d4 43 4b 34 25-b3 9b b3 ae 57 d1 ea 69  ....CK4%....W..i |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02e0: 6e 02 7e 61 d7 80 b6 73-6a 3e ac eb 69 38 67 8f  n.~a...sj>..i8g. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02f0: a9 2a dc 93 3d 22 f3 6e-6a 5d 51 1f b1 b1 10 5e  .*..=".nj]Q....^ |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0300: 82 28 48 0d 5a 78 f8 17-61 e0 c5 43 61 7a 42 6a  .(H.Zx..a..CazBj |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0310: 00 80 42 fa 7e 11 b2 77-3a 8c de f1 52 5a e1 18  ..B.~..w:...RZ.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0320: d4 e7 8f ee 2c e0 06 ef-d5 37 87 62 07 14 d1 5a  ....,....7.b...Z |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0330: ca 30 be fd dd 76 47 8f-ed f4 5f f3 64 6c 32 a9  .0...vG..._.dl2. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0340: d5 07 e2 9b f1 29 a3 bf-33 4a ed 72 6b 2e c3 0f  .....)..3J.rk... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0350: 30 bd 13 a1 42 d8 f7 1d-58 8a 1c 53 d6 c3 c8 6e  0...B...X..S...n |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0360: 0e 51 e3 f5 a0 37 68 0d-04 c6 0e c4 4d cc ed 7c  .Q...7h.....M..| |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0370: ef 8f 81 b3 52 34 0c 60-eb f8 01 19 cc 95 31 55  ....R4.`......1U |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0380: 7d 16 bf 0c df b8 e0 3d-8f 7c 7a 4a 64 98 93 59  }......=.|zJd..Y |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0390: eb ae 00 80 ef cb bc 38-ab 16 0e a2 b2 2d fa 0f  .......8.....-.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03a0: da 55 2d 67 a8 b8 34 1b-bf 39 d9 d6 da 65 f2 8f  .U-g..4..9...e.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03b0: 6f a2 b1 1d db bb d5 dd-ab cf 9e 63 00 e4 57 a5  o..........c..W. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03c0: 18 4a dc 60 b0 97 5d 67-34 96 bf a2 43 2b 7d 70  .J.`..]g4...C+}p |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03d0: d6 99 d2 31 d2 11 f4 f2-19 b8 0c 41 7d bf b1 7c  ...1.......A}..| |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03e0: fb 31 cb 3e c2 0a e2 26-1a 7e 63 50 9b 62 c3 82  .1.>...&.~cP.b.. |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03f0: ca cd 36 82 0c 56 5f 26-f6 cc c6 6f 03 92 cc f5  ..6..V_&...o.... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0400: 6b 55 1a d6 92 f9 5b 59-18 c2 62 21 eb d8 a4 ea  kU....[Y..b!.... |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0410: fd b6 3e f7 0e                                   ..>..            |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 1048 - <SPACES/NULS>
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server hello A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server certificate A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server key exchange A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server done A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write client key exchange A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write change cipher spec A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write finished A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 flush data
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 5/5 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 15 03 01 00 02                                   .....            |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 2/2 bytes from BIO#629160 [mem: 47855ad] (BIO dump follows)
  Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 02 28                                            .(               |
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1782): OpenSSL: Read: SSLv3 read finished A
  [Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1801): OpenSSL: Exit: failed in SSLv3 read finished A
  [Wed May 24 07:03:54 2006] [info] SSL Proxy connect failed
  [Wed May 24 07:03:54 2006] [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
  [Wed May 24 07:03:54 2006] [info] Connection to child 249 closed with abortive shutdown(server apacheserver:443, client j2eeserver)
  [Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserver)
  [<b>Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserve) from apacheserver ()
  [Wed May 24 07:04:10 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O error, 5 bytes expected to read on BIO#612610 [mem: 62ac80]
  [Wed May 24 07:04:10 2006] [info] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  : SSL input filter read failed.
  [Wed May 24 07:04:10 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Write: SSL negotiation finished successfully
  [Wed May 24 07:04:10 2006] [info] Connection to child 249 closed with standard shutdown(server apacheserver:443, client apacheserver)
  </b>

• Charts, reverse proxy and SSL

  I have set up an APEX server running XE under Windows 2003. I upgraded it to APEX 3.0.1. I have an application almost completed that I now want to start testing remotely, and that I want to protect with SSL. So, I installed the Windows version of Apache, and got one of my network experts to help me install an SSL certificate. We used a reverse proxy method per non-Oracle documentation we dug up using Google. (I think one of my problems may be that I did not actually configure APEX to use an external web server -- read on.) Everything seems to be working fine except the flash charts, which generate an error message that "XML loading failed." There is a URL in the error message that starts: http://127.0.0.1:8080/apex... Clearly, when APEX generates an internal URL, it is not aware of the fact that the browser is remote and the reverse proxy is only working from the Apache server to the internal APEX server (and not the other direction). This may or may not be complicated by the fact that the URL's being proxied contain "https".
  I tried to configure APEX for an external web server per instructions in the APEX 3.1 Installation Guide. HOWEVER, per step 4.4.5, I cannot find "ORACLE_HTTPSERVER_HOME\Apache\modplsql\conf\dads.conf". In fact, there is NO apache directory anywhere (except for the one that I installed indepentdently of APEX). I had this problem prior to installing Apache myself, i.e there is no obvious place where the web server that comes with APEX is installed, and there is no DADS file. I searched the ENTIRE C: drive and there is no DADS file.
  You've already guessed that I have not been using APEX very long, and I am guessing that I probably have more than one problem. I have spent hours reading documentation, and have had a lot of success with APEX. This just went further than I know how to diagnose.
  Here are some of my questions, some of which I'm sure are related:
  - Where is dads.conf?
  - Where is the 3.0.1 web server?
  - What do I have to do to get APEX to generate the correct https URL's?
  - Is it possible to set up a reverse proxy from the APEX internal web server to the external Apache server?
  Oh... and P.S.: I installed the upgrade to APEX 3.1 in the hope that it would fix something. I spent a lot of time trying to follow every step precisely. The 3.1 installation acts the same way as 3.0.1 where everything that I have done except charts works fine.
  I will be incredibly gateful if someone can help me with this.

  Did you ever find a solution to this issue?

• Enterprise portal access using reverse proxy using Apache and webdispatcher

  Hi Guys,
  As requirement, we need to give solution to customer about Reverse proxy scenario. I am new to this part.
  What we have think of to use Apache and Web dispatcher.
  I tried to search documents and found some sdn links also but still i am not comfortable to go about.
  Need suggestion and document if anyone has used so far.reverse proxy.
  As basis person, we need to do all ( Apache installation, Apache configuration, Web dispatcher installation and configuration, integration with EP.)
  It will helpful to me if i can get Apache installation, Apache configuration part and integration with EP, or web dispatcher, configuration etc.
  Thanks,
  Deepak

  We used Netscaler for Reverse Proxy implementation and can assure you that network team performed most of the set ups. This was on EP 7.01.
  From BASIS stand point it would be primarily Web Dispatcher Configuration.
  Also refer the links I specified in another thread. There are several scenarios discussed there -
  Re: Post values for userid and passowrd fields in logon page
  http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
  ~ Dhanz

• Problems with apex and anychart (using reverse proxy)

  Hi,
  Im using 2 Servers. The first with Apache2 and the /i/ directory and the second with a Oracle XE Database.
  The imagedirectory is at the first server.
  Heres my Apache Setup:
  <Location /apex>
  Options None
  Order allow,deny
  allow from all
  ProxyPass http://..(remote_ip)..:8080/apex
  ProxyPassReverse http://..(remote_ip)..:8080/apex
  </Location>
  Alias /i/ /var/i/
  <Directory "/var/i/">
  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
  </Directory>
  if I open a page with a anychart chart I get this error:
  "Flash Security Error
  Anychart can not be launched due to Flash Security Settings violation.
  Please refer to Security error Article in Anychart Documentation..."
  http://www.anychart.com/products/anychart/docs/users-guide/index.html?security-error.html
  I think I have to place a crossdomain.xml
  Placing the crossdomain.xml in example.com/ root-directory doesn't work?
  thanks for any help

  Hi Christoph,
  Yes, the APEX Listener works with Oracle XE. The APEX Listener is currently an Early Adopters release, and is available for download from here: http://www.oracle.com/technology/products/database/application_express/html/apex_listener_download.html. I would recommend reviewing the accompanying Installation Guide before proceeding. There's an 'APEX Listener Feedback' thread - APEX Listener Feedback - which may also proof useful to you. There's also another related thread on this topic: Re: #HOST# Substituin incorrect for charts via Reverse Proxy which discusses the replacement of the #HOST# substitution string.
  Regards,
  Hilary