I need to route 9iAS forms listener servlet users through a webcache ssl connection - with the forms servers ONLY accepting a connection from webcache, and not users directly.

Hi,

I have a pair of 9iAS R1 Servers running forms listener servlet 6i, and reports over cgi - there is a dozen or so reasons as to why I'm compelled to use this configuration.

Fronting these I have a webcache 9.0.2 box that is correctly configured for SSL.  The webcache SSL port 443 site is mapped to the forms 9iAS boxes on http port 80.

I want my users to connect only to the webcache box, and not to the 9iAS servers.  If possible, I would like to configure these 9iAS servers to receive IP traffic from the webcache box only.  I can do this with IPSec or using a host based firewall such as Zonealarm.

When my users connect to the ssl webcache port, the browser shows the status bar lock icon and a connection is established to one of the 9iAS servers over http. The browser continues to show the icon, but the forms application appears to 'hand off' the connection to the app server.  This is highlighted where I enforce a rule on zonealarm (on the app server) to accept traffic from the webcache ip address only - I get a zonealarm msg box indicating that a request from the users own ip address has been blocked.

My question - is it possible to route all connections through webcache, and channel all user connections through that box to the app servers.

I would very very very grateful if someone could answer this question really fast.

Many thanks

Pat
pmkennaAsked:
Who is Participating?
 
seazodiacConnect With a Mentor Commented:
your comments--->The user's 6i forms session attempts to connect directly to the app server, and not through the webcache.  So though the initial connection to webcache is on ssl, the handed off connection is not.

I think only those sessions that don't have cached data in Webcache, will be routed again to App server.  the form data, to some extent , is cached in web cache.



your comments-->A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.

Yes, your only solution with Web cache server and app server on different machine is to enable SSL on App server too.

but You don't need enable SSL on app server if you put your Webcache server on the same machine as App server (there is not network traffic)
0
 
seazodiacCommented:
that's kind of easy.

You need to configure Oracle Application SErvers in their httpd.conf so that they will filter out all the IPs except the one from Web cache server.


0
 
pmkennaAuthor Commented:
Hi,

not so easy I think.  The user's 6i forms session attempts to connect directly to the app server, and not through the webcache.  So though the initial connection to webcache is on ssl, the handed off connection is not.

A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.

Pat
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.