I have to integrate siteminder with an application having jboss as application server and apache as web server.
As per the bookshelf, I have configured SM web agent on web server and SM jboss agent on application server.
The flow of application currently without siteminder is as: Hardware load balancer --> Software load balancer --> Web server --> app server Please suggest how the reverse proxy rules will be configured for this scenario. Also can siteminder reverse proxy work with two load balancers.
You would need to use proxy plugin module (mod_proxy) to redirect the request to backend application server.
The ProxyPass directive specifies the mapping of incoming requests to the backend server (or a cluster of servers known as a Balancer group). The simpliest example proxies all requests ("/") to a single backend:
ProxyPass "/" "http://www.example.com/"To ensure that and Location: headers generated from the backend are modified to point to the reverse proxy, instead of back to itself, the ProxyPassReverse directive is most often required:
ProxyPass "/" "http://www.example.com/"ProxyPassReverse "/" "http://www.example.com/"Only specific URIs can be proxied, as shown in this example:
ProxyPass "/images" "http://www.example.com/"ProxyPassReverse "/images" "http://www.example.com/"
In the above, any requests which start with the /images path with be proxied to the specified backend, otherwise it will be handled locally.
Refer below link for more details.
Reverse Proxy Guide - Apache HTTP Server Version 2.4
Also can siteminder reverse proxy work with two load balancers. ?Are you talking about CA Access Gateway ? if so, yes you can use CA Access gateway under load balancer and Also you can use it as proxy server for redirecting to backend appliction server.
Thanks for your response.
In my application, i need to configure reverse proxy rules for the below flow at the web server(apache) level. The request will flow from HLB to SLB and then to apache.
Hardware load balancer --> Software load balancer --> Web server --> app serverSo, are we required to create two virtual host for this??As per my understanding, I have created the below reverse proxy rules:
Listen H/w LB FQDN:port<VirtualHost Web Server FQDN:port> ProxyPass /siteminderagent ! ProxyPass / http://App Server:port/ ProxyPassReverse / http://App Server:port/</VirtualHost>
Listen S/w LB FQDN:port<VirtualHost Web Server FQDN:port> ProxyPass /siteminderagent ! ProxyPass / http://App Server:port/ ProxyPassReverse / http://App Server:port/</VirtualHost>
Please let me know if these rules will work.
I think, it should work for you but please test it once.
Also add few more parameters under virtual host section.
SSLProxyEngine on --> this is for SSL ProxyPreserveHost On --> The ProxyPreserveHost directive is used to instruct Apache mod_proxy, when acting as a reverse proxy, to preserve and retain the original Host: header from the client browser when constructing the proxied request to send to the target server.
Will test these once in my environment.
If I’ve answered your question please mark my response as the Correct Answer.
If The flow of request is like:
HLB (port X) -> SLB (port X) -> apache web server (port Y) -> application server
HLB and SLB are listening on one port and apache to be used as reverse proxy with siteminder is listening on another port.
Also SLB is being used a reverse proxy currently before siteminder integration.
Please help to let me know will apache be able to work as reverse proxy with the ports as described above??
or do we need to make HLB and SLB listen on the same port as apache??
You are planning to use apache as reverse proxy and you need make sure that the request is reaching to apache from HLB/SLB whether it is same or different port. Once the request reaches apache then reverse proxy rules will be applied.
Please help to let me know if apache is listening on one port, will it be able to listen HLB/SLB on different port and is it possible to route the request to apache on one port from HLB/SLB on another port??
Listen H/w LB FQDN:HLB port<VirtualHost Apache Web Server FQDN:HLB port>ProxyPass /siteminderagent !ProxyPass / http://App Server:port/ProxyPassReverse / http://App Server:port/</VirtualHost>
Will these rules work??