?
Solved

I need to route 9iAS forms listener servlet users through a webcache ssl connection - with the forms servers ONLY accepting a connection from webcache, and not users directly.

Posted on 2004-08-31
5
Medium Priority
?
264 Views
Last Modified: 2013-12-01
Hi,

I have a pair of 9iAS R1 Servers running forms listener servlet 6i, and reports over cgi - there is a dozen or so reasons as to why I'm compelled to use this configuration.

Fronting these I have a webcache 9.0.2 box that is correctly configured for SSL.  The webcache SSL port 443 site is mapped to the forms 9iAS boxes on http port 80.

I want my users to connect only to the webcache box, and not to the 9iAS servers.  If possible, I would like to configure these 9iAS servers to receive IP traffic from the webcache box only.  I can do this with IPSec or using a host based firewall such as Zonealarm.

When my users connect to the ssl webcache port, the browser shows the status bar lock icon and a connection is established to one of the 9iAS servers over http. The browser continues to show the icon, but the forms application appears to 'hand off' the connection to the app server.  This is highlighted where I enforce a rule on zonealarm (on the app server) to accept traffic from the webcache ip address only - I get a zonealarm msg box indicating that a request from the users own ip address has been blocked.

My question - is it possible to route all connections through webcache, and channel all user connections through that box to the app servers.

I would very very very grateful if someone could answer this question really fast.

Many thanks

Pat
0
Comment
Question by:pmkenna
  • 2
3 Comments
 
LVL 23

Expert Comment

by:seazodiac
ID: 11984371
that's kind of easy.

You need to configure Oracle Application SErvers in their httpd.conf so that they will filter out all the IPs except the one from Web cache server.


0
 

Author Comment

by:pmkenna
ID: 11985901
Hi,

not so easy I think.  The user's 6i forms session attempts to connect directly to the app server, and not through the webcache.  So though the initial connection to webcache is on ssl, the handed off connection is not.

A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.

Pat
0
 
LVL 23

Accepted Solution

by:
seazodiac earned 1000 total points
ID: 11990183
your comments--->The user's 6i forms session attempts to connect directly to the app server, and not through the webcache.  So though the initial connection to webcache is on ssl, the handed off connection is not.

I think only those sessions that don't have cached data in Webcache, will be routed again to App server.  the form data, to some extent , is cached in web cache.



your comments-->A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.

Yes, your only solution with Web cache server and app server on different machine is to enable SSL on App server too.

but You don't need enable SSL on app server if you put your Webcache server on the same machine as App server (there is not network traffic)
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configure Web Service (server application) I. Configure security for Web Services methods First, we need to protect Session bean which implements the service: 1. Open EJB deployment descriptor (ejb-jar.xml) in the EJB project that contains you…
Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Screencast - Getting to Know the Pipeline
Suggested Courses
Course of the Month16 days, 16 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question