pmkenna
asked on
I need to route 9iAS forms listener servlet users through a webcache ssl connection - with the forms servers ONLY accepting a connection from webcache, and not users directly.
Hi,
I have a pair of 9iAS R1 Servers running forms listener servlet 6i, and reports over cgi - there is a dozen or so reasons as to why I'm compelled to use this configuration.
Fronting these I have a webcache 9.0.2 box that is correctly configured for SSL. The webcache SSL port 443 site is mapped to the forms 9iAS boxes on http port 80.
I want my users to connect only to the webcache box, and not to the 9iAS servers. If possible, I would like to configure these 9iAS servers to receive IP traffic from the webcache box only. I can do this with IPSec or using a host based firewall such as Zonealarm.
When my users connect to the ssl webcache port, the browser shows the status bar lock icon and a connection is established to one of the 9iAS servers over http. The browser continues to show the icon, but the forms application appears to 'hand off' the connection to the app server. This is highlighted where I enforce a rule on zonealarm (on the app server) to accept traffic from the webcache ip address only - I get a zonealarm msg box indicating that a request from the users own ip address has been blocked.
My question - is it possible to route all connections through webcache, and channel all user connections through that box to the app servers.
I would very very very grateful if someone could answer this question really fast.
Many thanks
Pat
I have a pair of 9iAS R1 Servers running forms listener servlet 6i, and reports over cgi - there is a dozen or so reasons as to why I'm compelled to use this configuration.
Fronting these I have a webcache 9.0.2 box that is correctly configured for SSL. The webcache SSL port 443 site is mapped to the forms 9iAS boxes on http port 80.
I want my users to connect only to the webcache box, and not to the 9iAS servers. If possible, I would like to configure these 9iAS servers to receive IP traffic from the webcache box only. I can do this with IPSec or using a host based firewall such as Zonealarm.
When my users connect to the ssl webcache port, the browser shows the status bar lock icon and a connection is established to one of the 9iAS servers over http. The browser continues to show the icon, but the forms application appears to 'hand off' the connection to the app server. This is highlighted where I enforce a rule on zonealarm (on the app server) to accept traffic from the webcache ip address only - I get a zonealarm msg box indicating that a request from the users own ip address has been blocked.
My question - is it possible to route all connections through webcache, and channel all user connections through that box to the app servers.
I would very very very grateful if someone could answer this question really fast.
Many thanks
Pat
ASKER
Hi,
not so easy I think. The user's 6i forms session attempts to connect directly to the app server, and not through the webcache. So though the initial connection to webcache is on ssl, the handed off connection is not.
A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.
Pat
not so easy I think. The user's 6i forms session attempts to connect directly to the app server, and not through the webcache. So though the initial connection to webcache is on ssl, the handed off connection is not.
A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.
Pat
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to configure Oracle Application SErvers in their httpd.conf so that they will filter out all the IPs except the one from Web cache server.