3SP Knowledgebase
Information and FAQs about 3SP products 		  
Search  
   
Browse by Category
3SP Knowledgebase
 General FAQ
 SSL-Explorer
 About SSL-Explorer
 All Versions
 Access rights
 Agent
 Applications
 Attributes
 Authentication Schemes
 Documentation
 Extensions
 Internationalization
 IP restrictions
 Message queue
 Network Places
 Profiles
 SSL Certificates
 SSL Tunnels
 Update/Backup/Restore
 User Management
 Web Forwards
 Host-based reverse proxy
 Path-based reverse Proxy
 Replacement Proxy
 Tunneled proxy
 Enterprise Edition Only
 Improving Performance
 Installation Management
 rPath Appliance
 Support
3SP Knowledgebase .: SSL-Explorer .: All Versions .: Web Forwards .: Host-based reverse proxy .: How can I use the Reverse Proxy with no paths?

How can I use the Reverse Proxy with no paths?

With the standard Reverse Proxy feature, web sites are proxied by identifying the path of the request and mapping this to a back end web server. For example, to proxy Outlook Web Access we identify two paths /exchange and /exchweb. When SSL-Explorer receives a HTTP request for http://sslexplorer.example.com/exchange/inbox/lee we look at the path of the URI and match it against the paths configured for all Reverse Proxy resources. Since this resource URI starts with /exchange it must be destined for the Outlook Web Access application.

This means that web sites working on the root of a web server, https://webapp.example.com cannot be proxied automatically by the Reverse Proxy because there is no path to identify. To get around this we have developed a feature called Active DNS which modifies the hostname of the request so that we can identify the correct resource to forward to.

How does this work? 

Let's say I am connecting to SSL-Explorer through the URL https://sslexplorer.example.com. When I launch an Active DNS Reverse Proxy resource my browser is immediately redirected to a unique hostname based on the original, for example https://activeproxy12345.sslexplorer.example.com. SSL-Explorer can then examine the first portion of the connecting URL, in this case activeproxy12345 and match this against the Reverse Proxy web forwards.

In order to achieve this you need to configure a wildcard entry on any DNS server for domains used to access SSL-Explorer. This is achieved by including the wildcard asterisk character * in the hostname.

*.sslexplorer.example.com.

A

192.168.100.1

Once this is configured any hostname followed by .sslexplorer.example.com will resolve to your IP address. This enables the browser to continue communicating with the SSL-Explorer server over the custom hostname and identify the correct web site to forward to.

It is also important to point out here that in order for this feature to work the user must login to SSL-Explorer using the full qualified domain name setup in the DNS wildcard entry. You cannot use this feature if you access the service through an IP address or single hostname i.e. https://192.168.100.1 or https://sslexplorer.

This only has to be performed once, after the DNS has been configured you can use the Active DNS feature on as many web sites as you like.

Are there any alternatives?

You can also use the Host Header field in the reverse proxy to set a specific hostname for the site. But again this requires that the hostname you set will resolve to the SSL-Explorer server. In the same way as Active DNS the browser will be redirected to this host and SSL-Explorer will identify the site by its hostname.

As an example, say you configure the Host header "owa.example.com" in a web forward. When the user attempts to access this through SSL-Explorer their browser will be redirected from the standard SSL-Explorer URL to https://owa.example.com. Again it is important that this host resolves to the SSL-Explorer server so that it can proxy the web site correctly.

This will require that each web forward setup with a host header must have its own DNS entry.

How helpful was this article to you?

User Comments

Add Comment
No comments have been posted.


powered by Lore
© 2008 3SP Ltd. All Rights Reserved