Symantec Access Management

  • 1.  Configuring Reverse proxy rules with two Load Balancers

    Posted May 08, 2017 01:31 AM

    I have to integrate SiteMinder with an application that has JBoss as the application server and Apache as the web server.

    As per the bookshelf, I have configured the SM web agent on the web server and the SM JBoss agent on the application server.

    The flow of the application currently, without SiteMinder, is:

    Hardware load balancer --> Software load balancer --> Web server --> app server

    Please suggest how the reverse proxy rules will be configured for this scenario.

    Also, can the SiteMinder reverse proxy work with two load balancers?

     

    Regards

    Alisha Khattar



  • 2.  Re: Configuring Reverse proxy rules with two Load Balancers
    Best Answer

    Posted May 08, 2017 05:08 AM

    Hi Alisha,

     

    You would need to use the proxy plugin module (mod_proxy) to redirect the request to the backend application server.

     

    The ProxyPass directive specifies the mapping of incoming requests to the backend server (or a cluster of servers known as a Balancer group). The simplest example proxies all requests ("/") to a single backend:

    ProxyPass "/" "http://www.example.com/"

    To ensure that Location: headers generated from the backend are modified to point to the reverse proxy, instead of back to itself, the ProxyPassReverse directive is most often required:

    ProxyPass "/" "http://www.example.com/"
    ProxyPassReverse "/" "http://www.example.com/"

    Only specific URIs can be proxied, as shown in this example:

    ProxyPass "/images" "http://www.example.com/"
    ProxyPassReverse "/images" "http://www.example.com/"

    In the above, any requests which start with the /images path will be proxied to the specified backend; otherwise they will be handled locally.

    Refer to the link below for more details.

    Reverse Proxy Guide - Apache HTTP Server Version 2.4

     

    Also, can the SiteMinder reverse proxy work with two load balancers?
    Are you talking about CA Access Gateway? If so, yes, you can use CA Access Gateway under a load balancer, and you can also use it as a proxy server for redirecting to the backend application server.

     

    Thanks,

    Sharan



  • 3.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 08, 2017 06:06 AM

    Hi Sharan

    Thanks for your response.

    In my application, I need to configure reverse proxy rules for the below flow at the web server (Apache) level. The request will flow from the HLB to the SLB and then to Apache.

    Hardware load balancer --> Software load balancer --> Web server --> app server

    So, are we required to create two virtual hosts for this?

    As per my understanding, I have created the below reverse proxy rules:

    Listen H/w LB FQDN:port
    <VirtualHost Web Server FQDN:port>
    ProxyPass /siteminderagent !
    ProxyPass / http://App Server:port/
    ProxyPassReverse / http://App Server:port/
    </VirtualHost>


    Listen S/w LB FQDN:port
    <VirtualHost Web Server FQDN:port>
    ProxyPass /siteminderagent !
    ProxyPass / http://App Server:port/
    ProxyPassReverse / http://App Server:port/
    </VirtualHost>

     

    Please let me know if these rules will work.

     

    Regards

    Alisha Khattar



  • 4.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 08, 2017 11:10 AM

    Hi Alisha,

     

    I think it should work for you, but please test it once.

    Also add a few more parameters under the virtual host section.


    SSLProxyEngine on  --> this is for SSL
    ProxyPreserveHost On --> The ProxyPreserveHost directive is used to instruct Apache mod_proxy, when acting as a reverse proxy, to preserve and retain the original Host: header from the client browser when constructing the proxied request to send to the target server.

     

    Thanks,

    Sharan



  • 5.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 09, 2017 01:16 AM

    Thanks, Sharan.

    I will test these once in my environment.

     

    Regards

    Alisha Khattar



  • 6.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 12, 2017 05:35 AM

    If I’ve answered your question please mark my response as the Correct Answer.

     

    Thanks,

    Sharan



  • 7.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 15, 2017 03:41 AM

    Hi Sharan

     

    If the flow of the request is like:

    HLB (port X) -> SLB (port X) -> apache web server (port Y) -> application server

     

    The HLB and SLB are listening on one port, and Apache, to be used as a reverse proxy with SiteMinder, is listening on another port.

    Also, the SLB is currently being used as a reverse proxy, before the SiteMinder integration.

    Please let me know: will Apache be able to work as a reverse proxy with the ports as described above?

    Or do we need to make the HLB and SLB listen on the same port as Apache?

     

    Regards

    Alisha Khattar



  • 8.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 15, 2017 09:58 AM

    Hi Alisha,

     

    You are planning to use Apache as a reverse proxy, and you need to make sure that the request reaches Apache from the HLB/SLB, whether it is on the same or a different port. Once the request reaches Apache, the reverse proxy rules will be applied.

     

    Thanks,

    Sharan
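
The directives from replies 2, 4 and 8 combined into one virtual host, as an added example that is not taken from either poster's configuration. The host names, ServerName and ports 8088/8080 are constructed placeholders standing in for "port Y" and the application server.

```apache
# Added example; all names and port numbers are constructed placeholders.
#
# Listen takes a local address/port of this web server ("port Y" in the
# thread). The HLB and SLB keep their own port X and forward to this port.
Listen 8088

<VirtualHost *:8088>
    # Public name that clients use at the hardware load balancer (assumed).
    ServerName app.example.com

    # Reverse proxy only: keep forward proxying disabled (this is the
    # default) so the server cannot be used as an open proxy.
    ProxyRequests Off

    # Pass the client's original Host: header through to the backend,
    # as suggested in reply 4.
    ProxyPreserveHost On

    # Needed only when the backend URL in ProxyPass is https://.
    # SSLProxyEngine On

    # ProxyPass rules are checked in order and the first match wins, so the
    # exclusion must come before the general rule. Requests under
    # /siteminderagent are then served locally by this web server instead
    # of being forwarded to the application server.
    ProxyPass        /siteminderagent !
    ProxyPass        / http://jboss.internal.example:8080/
    ProxyPassReverse / http://jboss.internal.example:8080/
</VirtualHost>
```

Running `apachectl configtest` after editing checks the syntax before the load balancers are pointed at the new port.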



  • 9.  Re: Configuring Reverse proxy rules with two Load Balancers

    Posted May 16, 2017 01:30 AM

    Hi Sharan

     

    Thanks for your response.

     

    Please let me know: if Apache is listening on one port, will it be able to listen to the HLB/SLB on a different port, and is it possible to route the request to Apache on one port from the HLB/SLB on another port?

     

     

    Listen H/w LB FQDN:HLB port
    <VirtualHost Apache Web Server FQDN:HLB port>
    ProxyPass /siteminderagent !
    ProxyPass / http://App Server:port/
    ProxyPassReverse / http://App Server:port/
    </VirtualHost>

     

    Will these rules work?

     

    Regards

    Alisha Khattar