Anyone have an idea about how ti configure the WEB gateway to be an SSL terminator in a reverse proxy configuration?
The idea is the following:
clients communicate to rev-proxy via https
rev-proxy communicate to internal web server via http
internal web server replies to rev-proxy via http
rev-proxy replies to client via https
I've tried some configuration changing URL.protocol property but i get in a bed request between rev-proxy and intenaral web server
(tcpdump of traffic from rev-proxy as attachment)Message was edited by: w.furlan on 3/30/12 5:07:42 AM CDT
I have a very simple reverse proxy example that I am currently preparing for the Online Rule Set Library. I don´t have any documentation yet, but I will attach it for you. It will cause MWG to accept requests on port 80 and port 443. Request to port 80 are immediatly redirected to port 443, so all clients will talk to MWG via HTTPS.
MWG talks to two web servers via HTTP in the backend. My example servers are "web" and "mail". For this to work I am using DNS, so when the client looks up "web" and "mail" it gets an IP address which MWG is listening on. I am using two IP addresses to keep older browser/os versions compatible. When MWG looks up "web" and "mail" it uses the web servers IP address to connect to the server. I have added entries to the /etc/hosts on MWG.
Different scenarios are of course possible, but this is one approach to do it. Maybe you can grab some ideas out of the rules.
AndreNachricht geändert durch asabban on 30.03.12 06:17:39 CDT
I have not tried it but I believe it can. You can create a proxy listener which listens on an IPv6 address. When MWG internally forwards the traffic you can forward it to an IPv4 address and hand back the response via the IPv6 proxy listener. You can tell MWG to prefer IPv4 or IPv6 when talking to a destination in the Proxy Settings in the advanced tab.
Unfortunately I don't have an IPv6 test environment but I think it should be possible without a lot of efforts to configure MWG that way.