Our current setup with SiteMinder Apache web agent:
Can the CA Access Gateway reverse proxy send requests to destination Tomcat server via AJP protocol rather than HTTP? Currently we have an Apache web server frontend with SiteMinder web agent and this Apache web server act as a reverse proxy server to send to the Tomcat application server:
ProxyPass /app ajp://claritysandlb.regence.com:8009/app keepalive=OnProxyPassReverse /app ajp://claritysandlb:8009/app
Due to our firewall and security policies we do not allow our tomcat servers to listen to HTTP but instead only on AJP port. Moving away from the Apache web agent architecture and into the Access Gateway model we would need Access Gateway to send traffic to directly to the Tomcat app server via AJP protocol rather than HTTP/HTTPS. Below is my proxy rule that I've tried but this did not work and I am not even sure if this is possible at all with Access Gateway.
<!-- Proxy Rules --><nete:proxyrules xmlns:nete="SPS Proxy Rule"> <nete:cond type="host"> <nete:case value="app.company.com:443"> <nete:forward>ajp://tomcat.company.com:8009$1</nete:forward> </nete:case> <nete:default> <nete:forward>http://app.company.com$1</nete:forward> </nete:default> </nete:cond></nete:proxyrules>
Much appreciate any help.
CA Access Gateway uses The HTTP client to send the requests to the backend server and receives responses from the backend server. The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server.AJP is tomcat proprieatry used for connecting to tomcat from various front end servers like Apache and IIS, probably AJP is not supported for HTTPClient. hence it is not possible to use AJP while sending request to backend.
You can use http server configuration for AJP based communication. Update the httpd.conf file to as following for this communication.
#below 5 lines are added to post header on ajp port for appB portalLoadModule proxy_module modules/mod_proxy.soLoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule rewrite_module modules/mod_rewrite.soRewriteEngine OnRewriteRule ^/appA/(.*) ajp://127.0.0.1:8010/appB/$1 [P]