Web Proxy Server & Secure LDAP Problem

Similar Messages

• Safari cannot open the page ~ The error was: "There was a problem communicating with the web proxy server (HTTP)

  Help!  I was cruzing along just fine and went out tonight only to receive the message above:
  Cannot open Page
  Safari cannot open the page
  The error was: "There was a problem communicating with the web proxy server (HTTP)."
  I have had all the Apple iPhone phone.  Have never encountered anything like this. 
  All systems are GO as soon as I log on to wifi. 
  Can anyone help, please. 

  I am also fixed.  I also loaded Onavo, but that was the other day ... this is what I did with the help of online chat with AT&T ...
  I went to:
  Settings
  Wifi
  I selected the network I was working on by hitting the blue arrow located on right side
  At the detail page of that network I scolled down to the bottom to find HTTP Proxy boxes
  I was on Off and changed it to Auto and it worked! 
  I was soo jazzed!!
  Instructions said if it was already on AUTO, to change it to Manual and make your Port = 80 but I didn't have to do that!
  YIPPIE!!  I'm a new man!!
  Go to settings -----> WI-FI  -----> select the network you're using  ------> hit the blue arrow located on the right-side of the network name (ie: show details of that network), this takes you to another page.  
  --------> at the bottom of the page you'll see "HTTP Proxy" boxes (located below the "renew lease" button) ---------------> change the proxy to AUTO.   Note: if you're already at AUTO, change it to "Manual" and make your Port = 80.

• Problem: Protect Sun Web Proxy Server 4.0.5 with Policy Agent 2.2

  We are trying to protect the Sun Web proxy Server 4.0.5 with policy agent 2.2 on solaris 10 machine.
  We are using Access Manager 7.1 along with directory server 6.2
  We are trying to protect the web proxy console url http://domain.example.com with that policy agent so that when we hit web proxy console url
  it should through us access manager login page ie http://abc.com/amserver.
  How can we achieve this.What all changes required in the AMAgent.properties file.Please suggest.

  Hi subho,
  problem is fixed. i have unistalled the policy agent and reinstalled it again. the problem i found is we didnt stop the webproxy instance when installing policy agent. Thanks for the reply

• Routing problem with Web Proxy Server SP5 on AIX

  I downloaded Sun Java System Web Proxy Server 3.6 Service Pack 5 and loaded it onto an AIX v4.3.3 server. Everything is configured correctly, and the server and admin functions start clean.
  This server has two interfaces. One is an INSIDE interface that points toward our network. The other is an OUTSIDE interface pointed toward the Internet. When a user uses the proxy server, he queries the INSIDE interface at port 8080. At that point, the proxy server should contact the destination web address using the OUTSIDE interface on port 80. However,
  a firewall log shows that the request that should be coming from the OUTSIDE is really originating from the INSIDE.
  My routing table looks OK, but I wanted to prove it. So on the proxy server, at command line, I ran a ping and traceroute to www.sun.com. The firewall log showed that the attempts were correctly coming from the OUTSIDE interface. Yet, at my PC, I try to go to the www.sun.com from a browser, and the log shows that it is coming from the INSIDE.
  Does anyone know why the port 80 relays are going out the wrong way?
  Thanks to all in advance.
  Bill

  This also happens on Solaris. Suspect they are performing raw IP connections - and not paying particular attention to the server routing tables.

• Problem on Setting up a Reverse Proxy on Web Proxy Server 4.0.1

  After you setup a reverse proxy using Web Proxy Server 4.0.1, if you get the following error --
  Proxy denies fulfilling the request
  Your client is not allowed to access the requested object.You probably forget to add a regular mapping from: / to: http://http.site.com/. The information provided in 4.0.1 Administration guide is misleading. You will have to add it NOW manually. (Note: in 3.6 it will be added automaticly)
  You will have to do the following step manually, what provided in the manual is misleading --
  Sun Java� System Web Proxy Server 4 .0.1 Administration Guide 2005Q4
  Chapter 14 Using a Reverse Proxy
  "Setting up a Reverse Proxy"
  5. To make the change, click OK.
  Once you click the OK button, the proxy server adds one or more additional
  mappings. To see the mappings, click the link called View/Edit Mappings.
  Additional mappings would be in the following format:
  from: /
  to: http://http.site.com/

  thanks, will verify and update the docs.
  rahul.

• Can i setup a secure reverse proxy using sun one web proxy server and windows 2000?

  I've tried this on IPlanet Proxy 3.6 and, after reading the documentation, realized that SSL is not supported on the Windows platform. So I'm asking if it is supported using Sun One Web Proxy Server

  Hi,
  Yes, What you say is right.
  "The NT and Windows 2000 versions of iPlanet Web Proxy Server 3.6 do not support SSL".
  Sun One Web Proxy Server is as same as iPlanet webproxy server.
  May be in future relase of proxy server SSL will be supported in Win2000.
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• Socks services errors in web proxy server

  Using SunOne web proxy server 3.6+sp1, the socks service frequently out of service. Sometime its process is still alive , but can't response the client request; sometime the process is gone! The following is the errors log:
  [25/Oct/2002:11:18:06] 8269 debug: io_loop: killing tunnel after rollover, lastactivity == 1966619898,PR_IntervalNow says 2026622109
  [25/Oct/2002:11:20:31] 8269 debug: io_loop: killing tunnel after rollover, lastactivity == 1981101717,PR_IntervalNow says 2041102282
  [25/Oct/2002:11:20:48] 754 error: unknown request type 0x47 from 10.160.8.159:30 83
  [25/Oct/2002:11:41:07] 14946 debug: ACCEPT RETURNED NULL! io_total = 63 dead =-1
  Any infomation is welcome!

  what's the software name of socks? how i can download it?
  you mean it's not good?
  And the following is the issue in detail:
  The socks service frequently out of service. Sometime its process is still alive , but
  can't response the client request; sometime the process is gone.It occurs once a
  day, and after restart, its go away. And the last issue about must reconnect the gameroom
  is gone now, and was identified as the network's problem.
  mangus.conf:
  #ServerRoot /iPlanet/proxy/proxy-proxy-proxy
  ServerName proxy
  ServerID proxy-proxy
  Address 10.160.1.14
  Port 8080
  User root
  LoadObjects obj.conf
  RootObject default
  ErrorLog /iPlanet/proxy/proxy-proxy-proxy/logs/errors
  LDAPConnPool 5
  SearchDepth 30
  Dyngroups ON
  SearchTimeLimit 30
  BindTimeLimit 15
  LdapCheckUp 30
  CertificateChecking OFF
  PidLog /iPlanet/proxy/proxy-proxy-proxy/logs/pid
  MaxProcs 1024
  ProcessLife 128
  DNS on
  Security off
  Ciphers rc4,rc4export,+rc2,+rc2export,+des,+desede3
  SSL3Ciphers
  rsa_rc4_128_md5,rsa_3des_sha,+rsa_des_sha,+rsa_rc4_40_md5,+rsa_rc2_40
  md5,-rsanull_md5
  ACLFile /iPlanet/proxy/httpacl/generated.proxy-proxy-proxy.acl
  obj.conf
  # Netscape Communications Corporation - obj.conf
  # You can edit this file, but comments and formatting changes
  # might be lost when the admin server makes changes.
  Init funcs="icp-init,icp-route" shlib="/iPlanet/proxy/plugins/icp/icp.so" fn="load-
  modules"
  Init funcs="pa-init-proxy-array,pa-init-parent-array,pa-enforce-internal-routing,pa-set-
  parent-route,pa-set-member-status"
  shlib="/iPlanet/proxy/plugins/parray/parray.so" fn="load-modules"
  Init fn="load-types" mime-types="mime.types"
  Init access="/iPlanet/proxy/proxy-proxy-proxy/logs/access" format.access="%
  Ses->client.ip% - %Req->vars.pauth-user% [%SYSDATE%] \"%Req->reqpb.proxy-
  request%\" %Req->srvhdrs.clf-status% %Req->vars.p2c-cl%" fn="flex-init"
  Init fn="init-proxy" timeout="300" timeout-2="15"
  Init fn="init-dns-cache" status="on" dir="/tmp" semas="4" size="4096"
  expire="28800"
  Init fn="init-cache" status="on" ndirs="256" dir="/iPlanet/proxy/cache"
  Init fn="init-partition" status="on" name="p1" dir="/iPlanet/proxy/cache/p1" max-
  size="8000" min-avail="5"
  Init status="on" dir="/iPlanet/proxy/cache/p2" name="p2" max-size="8000" min-
  avail="5" fn="init-partition"
  Init status="on" dir="/iPlanet/proxy/cache/p3" name="p3" max-size="8000" min-
  avail="5" fn="init-partition"
  Init status="on" dir="/iPlanet/proxy/cache/p4" name="p4" max-size="8000" min-
  avail="5" fn="init-partition"
  Init status="on" dir="/iPlanet/proxy/cache/p5" name="p5" max-size="8000" min-
  avail="5" fn="init-partition"
  Init status="on" dir="/iPlanet/proxy/cache/p6" name="p6" max-size="8000" min-
  avail="5" fn="init-partition"
  Init status="on" dir="/iPlanet/proxy/cache/p7" name="p7" max-size="8000" min-
  avail="5" fn="init-partition"
  Init status="on" dir="/iPlanet/proxy/cache/p8" name="p8" max-size="8000" min-
  avail="5" fn="init-partition"
  Init fn="init-urldb" status="on" dir="/iPlanet/proxy/cache/urldb"
  Init fn="init-batch-update" status="off" dir="/tmp" conf-file="bu.conf"
  Init status="on" dir="/tmp" hash-size="17191" table-size="85955" expire="3600"
  fn="init-pauth-cache"
  Init config_file="icp.conf" status="off" fn="icp-init"
  Init set-status-fn="pa-set-member-status" file="/iPlanet/proxy/proxy-proxy-
  proxy/config/parray.pat" status="off" fn="pa-init-proxy-array"
  Init set-status-fn="pa-set-member-status" file="/iPlanet/proxy/proxy-proxy-
  proxy/config/parent.pat" status="off" fn="pa-init-parent-array"
  <Object name="default">
  NameTrans fn="map" from="file:" to="ftp:" cont="yes"
  NameTrans fn="pfx2dir" from="/ns-icons" dir="/iPlanet/proxy/ns-icons" name="file"
  NameTrans fn="pac-map" from="/" to="/iPlanet/proxy/proxy-proxy-
  proxy/pac/proxy.pac" name="file"
  PathCheck fn="url-check"
  PathCheck fn="check-acl" acl="proxy-proxy-proxy_formgen-READ-ACL_deny-
  5619"
  PathCheck fn="check-acl" acl="proxy-proxy-proxy_formgen-WRITE-ACL_deny-
  5619"
  Service fn="deny-service"
  AddLog fn="flex-log" name="access" iponly="1"
  AddLog fn="urldb-record"
  </Object>
  <Object name="file">
  PathCheck fn="unix-uri-clean"
  PathCheck fn="find-index" index-names="index.html"
  ObjectType fn="type-by-extension"
  ObjectType fn="force-type" type="text/plain"
  Service fn="send-file"
  </Object>
  <Object ppath="ftp://.*">
  ObjectType fn="cache-enable"
  ObjectType fn="cache-setting" max-uncheck="21600"
  Service fn="proxy-retrieve"
  </Object>
  <Object ppath="http://.*">
  ObjectType fn="cache-enable"
  ObjectType fn="cache-setting" max-uncheck="7200" lm-factor="0.100"
  Service fn="proxy-retrieve"
  </Object>
  <Object ppath="https://.*">
  Service fn="proxy-retrieve"
  </Object>
  <Object ppath="gopher://.*">
  ObjectType fn="cache-enable"
  ObjectType fn="cache-setting" max-uncheck="14400"
  Service fn="proxy-retrieve"
  </Object>
  <Object ppath="connect://.*:443">
  Service fn="connect" method="CONNECT"
  </Object>
  <Object ppath="connect://.*:563">
  Service fn="connect" method="CONNECT"
  </Object>
  socks5.conf
  # Netscape Communications Corporation - socks5.conf
  # You can edit this file, but comments and formatting changes
  # might be lost when the admin server makes changes.
  auth 10.160.0.0/255.255.224.0 - -
  auth - - u
  permit u,- - - - - - -
  set SOCKS5_BINDPORT 1080
  set SOCKS5_LOGFILE /iPlanet/proxy/proxy-proxy-proxy/logs/socks5.log
  set SOCKS5_DEBUG 1
  set SOCKS5_WORKERS 100
  set SOCKS5_ACCEPTS 5
  set SOCKS5_NOIDENT
  set SOCKS5_NOREVERSEMAP
  socks5.log
  [19/Nov/2002:11:31:14] 830 debug: request from 10.162.169.176:2305
  [19/Nov/2002:11:31:15] 830 debug: auth: userpass
  [19/Nov/2002:11:31:15] 830 debug: authentication type 2 successful for hs
  [19/Nov/2002:11:31:15] 830 debug: request 1 to jason314.3322.org:21
  [19/Nov/2002:11:31:15] 830 request: hs 5 connect: ok 10.162.169.176:2305 ->
  jason314.3322.org:21
  [19/Nov/2002:11:31:15] 831 debug: request from 10.162.169.176:2306
  [19/Nov/2002:11:31:15] 831 debug: auth: userpass
  [19/Nov/2002:11:31:15] 831 debug: authentication type 2 successful for hs
  [19/Nov/2002:11:31:15] 831 debug: request 1 to jason314.3322.org:21
  [19/Nov/2002:11:31:15] 831 request: hs 5 connect: ok 10.162.169.176:2306 ->
  jason314.3322.org:21
  access
  10.160.115.222 - scy-tl [19/Nov/2002:11:32:33 +0800] "GET
  http://www.eefoo.com/c
  ommunity/images/bbs0gg.gif HTTP/1.0" 200 146
  10.160.115.79 - whh-tl [19/Nov/2002:11:32:33 +0800] "GET
  http://fayhoo.com/image
  /blank HTTP/1.0" 404 276
  10.160.19.151 - lhb [19/Nov/2002:11:32:33 +0800] "POST HTTP://rich-bj.stockstar.
  com:8892/1 HTTP/1.0" 200 81
  10.160.160.130 - gsp-ld [19/Nov/2002:11:32:33 +0800] "GET
  http://images.sohu.com
  /cs/button/sony/12060.swf?clickthru=http://goto.sohu.com/goto.php3?code=sony-
  sh2
  40-fr12050 HTTP/1.0" 200 8302
  10.160.23.141 - wyn [19/Nov/2002:11:32:33 +0800] "POST HTTP://rich-
  bj.stockstar.
  com:8891/1 HTTP/1.0" 200 81
  10.161.159.40 - - [19/Nov/2002:11:32:33 +0800] "PUT http://204.177.92.204/w/getc
  lientid?srv=china_sex&ver=0,0,0,62 HTTP/1.0" 407 271
  10.160.17.108 - weizc [19/Nov/2002:11:32:33 +0800] "GET
  http://www.guosen.com/cg
  i-bin/RHStockGraphics.dll?GetTLine?code=10000001&cx=150&cy=70&am=0
  HTTP/1.0" 200
  1004
  10.161.130.3 - czy-ykj [19/Nov/2002:11:32:34 +0800] "GET http://ad4.sina.com.cn/
  btn/dbtel-tlhp.swf HTTP/1.0" 304 -
  10.161.159.40 - - [19/Nov/2002:11:32:34 +0800] "PUT http://204.177.92.204/w/getc
  lientid?srv=china_sex&ver=0,0,0,62 HTTP/1.0" 407 271
  errors
  [19/Nov/2002:11:33:13] failure: for host 10.160.80.148 trying to GET http://myjh
  xp.com/bbs/forums.cgi?forum=4, retrieve-exit-routine reports: proxy retrieve fai
  led: Proxy server's network connection was refused by the server: myjhxp.com.
  The server may not be accepting connections or may be busy. Try connecting
  agai
  n later.
  [19/Nov/2002:11:33:13] warning: last-modified in future (not caching): Tue Nov 1
  9 03:51:01 2002
  [19/Nov/2002:11:33:13] failure: for host 10.160.80.148 trying to GET http://myjh
  xp.com/bbs/forums.cgi?forum=4, retrieve-exit-routine reports: proxy retrieve fai
  led: Proxy server's network connection was refused by the server: myjhxp.com.
  The server may not be accepting connections or may be busy. Try connecting
  agai
  n later.
  [19/Nov/2002:11:33:13] failure: for host 10.162.101.73 trying to GET ftp://202.1
  15.144.37/software/special/WinPE-9down.rar, retrieve-exit-routine reports: proxy
  retrieve failed: Proxy server's network connection was refused by the server:
  202.115.144.37. The server may not be accepting connections or may be busy. Tr
  y connecting again later.
  [19/Nov/2002:11:33:13] warning: last-modified in future (not caching): Tue Nov 1
  9 18:21:00 2002
  [19/Nov/2002:11:33:13] warning: last-modified in future (not caching): Tue Nov 1
  9 03:51:01 2002
  The logs is so large, i only can give you some of them typically.
  and the types of log's record when problem occurs i have supplied to you, also i
  pasted here
  [25/Oct/2002:11:18:06] 8269 debug: io_loop: killing tunnel after rollover, lastactivity
  == 1966619898,PR_IntervalNow says 2026622109
  [25/Oct/2002:11:20:31] 8269 debug: io_loop: killing tunnel after rollover, lastactivity
  == 1981101717,PR_IntervalNow says 2041102282
  [25/Oct/2002:11:20:48] 754 error: unknown request type 0x47 from
  10.160.8.159:30 83
  [25/Oct/2002:11:41:07] 14946 debug: ACCEPT RETURNED NULL! io_total = 63
  dead =-1
  ------------------------------------------------------------------

• Migrate certificate 3.x to Oracle iPlanet Web Proxy Server 4.0.20

  Hi
  I try to migrate from Sun iPlanet Web Proxy Server(SPWPS) 3.6 to Oracle iPlanet Web Proxy Server(OPWPS) 4.0.20 and I have some problem.
  I have an instance in SPWPS-3.6 with SSL certificate, when I migrate it to OPWPS-4.0.20 using the admin interface, the certificate
  is not migrate with this error message :
  Migrating Keys and Certificates...
  [Error] The password entered for the key is not valid
  Assimilation failed.
  But I am sure to enter the right password.
  After that I manage the new instance in administration interface, and in Security Panel, there is a choice to "Migrate 3.x certificate"
  I try this, but I get this error message
  Incorrect Usage
  The password entered is not valide
  Can somebody help me to resolve this problem ?
  Thanks in advance.

  Your proxy instance should start. The error you are seeing should only be for the admin server. Add the location of where your jvm.so is located to the LD_LIBRARY_PATH. The jvm.so is located under the JDK directory.

• IPlanet Sun ONE Web Proxy Server 3.6 SP6 terminating

  I have a problem with my proxy server server.
  I use iPlanet Sun ONE Web Proxy Server 3.6 SP6
  It is terminating and the service is restarting. This happens about 10-15 times a day. The message I get from the log is :
  [22/Mar/2005:09:29:30] info: server terminating... each time it terminates.
  I know for sure that this is no hardware issue (as I have changed the hard disk recently). My OS is win2000 server SP4 + all released patches from MS.
  Also I have reinstalled the OS several times (clean install after format) and I got the same result.
  Also I tried to use the proxy with/without LDAP server for authentication - the same.
  Any suggestions/recommendations are mostly welcome.
  Thanks in advance,
  Kaloyan

  Dear Kaloyan,
  Migration to another proxy (e.g. ISA) seems to be quickest solution for your problem, as WebProxy doesn't work well on w2k platform.
  Vladimir
  P.S. Regards to Delyan :)

• Sun Java System Web Proxy Server (4.0.2) - manage server will not start

  In short here's the scenario and main problem.   
  a. Proxy admin server start - no problem
  b. Create a new manage server (no proxying - just testing it) using different port. It just won't start. No logs produced either.
  Here's the server.xml for the new manage server.
  <?xml version="1.0" encoding="UTF-8"?>
  <!--
     Copyright (c) 2003 Sun Microsystems, Inc.  All rights reserved.
     Use is subject to license terms.
  -->
  <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun Java System Web Proxy Server 4.0//EN" "file:///E:/Sun/ProxyServer40/bin/proxy/dtds/sun-web-proxy-server_4_0.dtd">
  <SERVER>
      <PROPERTY name="accesslog" value="E:/Sun/ProxyServer40/proxy-server3/logs/access"/>
      <LS id="ls1" port="8083" servername="cbaob-b3-csddb1.adp1.cibc.pte"/>
      <MIME id="mime1" file="mime.types"/>
      <ACLFILE id="acl1" file="E:/Sun/ProxyServer40/httpacl/generated.proxy-server3.acl"/>
      <USERDB id="default"/>
      <FILECACHE enabled="true"  maxage="30" mediumfilesizelimit="537600" mediumfilespace="10485760" smallfilesizelimit="2048" smallfilespace="1048576" transmitfile="false" maxfiles="1024" hashinitsize="0"/>
      <CACHE enabled="true" cachecapacity="2000" cachedir="E:/Sun/ProxyServer40/proxy-server3/cache">
          <PARTITION  partitionname="part1" partitiondir="E:/Sun/ProxyServer40/proxy-server3/cache" maxsize="100" minspace="5" enabled="true"/>
  <GC enabled="true" gchimargin="80" gclomargin="70" gcleavefsfull="60" gcextramargin="30"/>
      </CACHE>
      <LOG file="E:/Sun/ProxyServer40/proxy-server3/logs/errors" loglevel="finest"/>
  </SERVER>
  Nothing seems to be wrong with this. The XML format follows the specified DTD.   
  Would appreciate any help.   
  Thanks.

  Thanks for your reply. Yes. This is really odd.
  Anyway to make the whole story short, i uninstall this proxy server 4.0.2 on this server (say server1) and try to reinstall a new proxy 4.0.13 but having odd problem (i have administration rights)
  Here it goes.
  a. CMD java -version is 1.4.2_XX
  b. Double click the proxy 4.0.13 setup.exe - nothing happen.
  c. CMD setup --javahome c:\jdk1.6_XX - nothing happen
  Here retrying.
  a. Login to server2 and map conection to server1
  b. Double click the proxy 4.0.13 setup.exe on server1 (while on server2) - setup.exe runs. This proves the proxy setup.exe on server1 is good.
  c. Make a copy of proxy 4.0.13 on server2
  d. Login to server1 and map connection to server2
  e. Double click the proxy 4.0.13 setup.exe on server2 (while on server1) - setup.exe did not run.
  Both servers are on the same domain and i'm using same ID to access both servers
  Again, no logs on the windows events (security, application, system)
  This is becoming mind a boggling mystery.
  Any idea what's going on?
  Thanks.

• Released ::  Web Proxy Server 4.0.13

  Hi-
  We are delighted to announce Web Proxy Server 4.0.13 has been released!
  It can be publicly downloaded at: [http://tiny.cc/ZdtZS]
  Release Notes: [http://docs.sun.com/app/docs/doc/821-1321|http://docs.sun.com/app/docs/doc/821-1321]
  This release addresses around 30 unique bugs that includes new platform support, critical security vulnerabilities & few new features.
  New Platform Support:
  Microsoft Windows 2008 Enterprise Edition
  Critical Security Vulnerabilities:
  SSL/TLS renegotiation vulnerability (CVE-2009-3555)
  Digest authentication buffer overflow [1]
  TRACE heap overflow [1]
  New Features:
  Session-Based-Authentication
  Error rewriting capability based on back-end server response
  * Support for LDAP search filters*
  All users of Web Proxy Server 4.0 through Web Proxy Server 4.0.12 are encourage to upgrade.
  Thank you to the entire product team for another great release!
  On Behalf of Web Proxy Team!
  [1]: Refer Latest Alert @ [http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1|http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1]

  Good news.
  Thanks for the post.
  Can you point to documentation about session based authentication and how it works?
  I am interested in learning more about how it works with proxy 4.0.13.
  TIA.
  -AJ

• Web Proxy Server Load Balancing

  I deployed Sun Jave Web Proxy Server 4.0 as a Reverse Proxy. I would also like to use it as a load balancer. As per the instructions, I configured the obj.conf file as shown below
  Route fn="set-origin-server" server="https://xx.xx.xx.xx" server="https:yy.yy.yy.yy" sticky-cookie="JSESSIONID" sticky-param="jsessionid" route-hdr="Proxy-jroute" route-cookie="JROUTE" rewrite-host="true" rewrite-location="true" rewrite-content-location="true"
  But, it is not doing load balancing. It always sends to the first server (xx.xx.xx.xx). I guess that is because I used mapping as follows:
  NameTrans fn="reverse-map" from="https:xx.xx.xx.xx" to="https://server.net" rewrite-location="true" rewrite-content-location="true"
  NameTrans fn="redirect" from="http://server" url="https://xx.xx.xx.xx"
  NameTrans fn="map" from="https://server" to="https://xx.xx.xx.xx" rewrite-host="true" name="pa-server-farm1" NameTrans fn="map" from="/" to="https://xx.xx.xx.xx" rewrite-host="true" name="pa-server-farm1"PathCheck fn="url-check"ObjectType fn="block-ip"
  ObjectType fn="cache-enable" cache-auth="1" cache-https="1" query-maxlen="0" min-size="0" Service fn="proxy-retrieve"
  I don't understand how routing and mapping work togother. Any help in this regard is appreciated.

  Motor,
  the following is from the Web Proxy Sever Administration guide. Please, check the last paragraph for the explanation. Any how, the problem is simple. I am using the Proxy Server as the Reverse proxy. And at the same time, I would like to use two origin servers (for load balancing) instead of one. How do I make both load balancing and reverse proxy functions work together?
  Thanks
  To Create Regular or Reverse Mapping
  Access the Server Manager, and click the URLs tab.
  Click the Create Mapping link.
  The Create Mapping page is displayed.
  In the page that appears, provide the source prefix and source destination for the regular mapping,
  for example,
  Source prefix: http://proxy.site.com
  Source destination: http://http.site.com/
  Click OK.
  Return to the page and create the reverse mapping, for example,
  Reverse mapping:
  Source prefix: http://http.site.com/
  Source destination: http://proxy.site.com/
  To make the change, click OK.
  Once you click the OK button, the proxy server adds one or more additional mappings. To see the mappings, click the lView/Edit Mappings link. Additional mappings would be in the following format:
  from: /
  to: http://http.site.com/
  These additional automatic mappings are for users who connect to the reverse proxy as a normal server. The first mapping is to catch users connecting to the reverse proxy as a regular proxy. The �/� mapping is added only if the user doesn't change the contents of the Map Source Prefix text box provided automatically by the Administration GUI. Depending on the setup, usually the second mapping is the only one required, but the extra mapping does not cause problems in the proxy.

• How would a corporation deploy Sun ONE Web Proxy Server?

  A corporation should deploy Sun ONE Web Proxy Server at the following key places:
  * The Internet gateway: Sun ONE Web Proxy Server deployed just behind the firewall facilitates access to the Internet and reduces response times and communications expense.
  * Major sub-network connections: Marketing, Sales, Product Development, Human Resources, and Finance departments might have their own subnetworks. An Sun ONE Web Proxy Server deployed at each subnet can reduce traffic on the corporate backbone.
  * Remote offices that are disconnected from the internal network: Sun ONE Web Proxy Server can provide a quick mechanism for replicating content when necessary, providing better company integration and increasing network performance without large capital and communications expense.
  * Internationally: Outside the United States, communications bandwidth is typically much more expensive, making Sun ONE Web Proxy Servers even more cost effective. Every international office can make use of an Sun ONE Web Proxy Server.
  * Outside the firewall as a Web server substitute in reverse proxy configuration: This protects information on the secure Web server behind the firewall and offers load balancing via caching.

  http://wwws.sun.com/software/download/products/3ef1fcb5.html
  If u wait for a week or so, SP4 will also be there.
  Maneesh

• Configuring authentication in web proxy server

  We are using iPlanet Web Proxy Server 3.6 on WindowsNT 4.0
  After installation of iplanet web proxy server 3.6, and making a request for internet access through browser it does not ask for authentication. There is no pop up window received for user name password to authenticate users.
  Upon creating a group and then adding a few members (user1,user2,user3 etc.) to it, we configure rules to restrict user access to internet in the Global settings tab. After saving all the configuration and taking a restart of the proxy server, when we try to log on to internet from a
  different client machine (browser) using an existing user id and password, it does not prompt us for user name and password even though the option "restrict access" in global setting is properly set.
  My first question......
  =>DOES iPlanet Web Proxy allow for such authentication pop up ??
  => If Yes, then kindly let us know where we have gone wrong in configuring the server.
  We are NOT using any webserver or LDAP to authenticate users. No SSL is enabled.
  Please suggest.

  We are using iPlanet Web Proxy Server 3.6 on WindowsNT 4.0
  After installation of iplanet web proxy server 3.6, and making a request for internet access through browser it does not ask for authentication. There is no pop up window received for user name password to authenticate users.
  Upon creating a group and then adding a few members (user1,user2,user3 etc.) to it, we configure rules to restrict user access to internet in the Global settings tab. After saving all the configuration and taking a restart of the proxy server, when we try to log on to internet from a
  different client machine (browser) using an existing user id and password, it does not prompt us for user name and password even though the option "restrict access" in global setting is properly set.
  My first question......
  =>DOES iPlanet Web Proxy allow for such authentication pop up ??
  => If Yes, then kindly let us know where we have gone wrong in configuring the server.
  We are NOT using any webserver or LDAP to authenticate users. No SSL is enabled.
  Please suggest.

• Bug Report: JSSE 1.0.2 & iPlanet-Web-Proxy-Server/3.6

  When tunneling through iPlanet-Web-Proxy-Server/3.6 we get a "Socket Closed" exception during the handshake (right after overlaying the tunnel). I got this problem with HP-UX. My browser works fine with that proxy so the problem isn't the proxy. And my code works fine with every other proxies. This proxy does return HTTP 1.0 so this well known issue isn't related.
  Anyone from Sun can confirm this issue ?
  Anyone else got this bug ?
  Thanks in advance.
  Fran�ois

  Hi all,
  When you say tunnelling, are you referring to code similiar to the code in JavaWorld Tip 111?
  I am currently trying to debug some issues with that code myself. I get similiar errors when tunnelling through a proxy.
  The download works correctly when a HttpsURLConnection is used to connect directly to the same site.
  I am using a squid-cache as my test proxy, so I am not sure if the proxy is the problem. (assuming we are talking about the same issue)
  I have noticed that a V3 site certificate seems to be more likely to fail though. I have not found a site using a V1 certificate where the tunnelling has failed.
  We are also discussing what I think is the same issue in the thread "HTTPS tunneling and V3 certificates".
  I have been trying to get this stuff working for a few months now.