Solved

I need to route 9iAS forms listener servlet users through a webcache ssl connection - with the forms servers ONLY accepting a connection from webcache, and not users directly.

Posted on 2004-08-31
5
253 Views
Last Modified: 2013-12-01
Hi,

I have a pair of 9iAS R1 Servers running forms listener servlet 6i, and reports over cgi - there is a dozen or so reasons as to why I'm compelled to use this configuration.

Fronting these I have a webcache 9.0.2 box that is correctly configured for SSL.  The webcache SSL port 443 site is mapped to the forms 9iAS boxes on http port 80.

I want my users to connect only to the webcache box, and not to the 9iAS servers.  If possible, I would like to configure these 9iAS servers to receive IP traffic from the webcache box only.  I can do this with IPSec or using a host based firewall such as Zonealarm.

When my users connect to the ssl webcache port, the browser shows the status bar lock icon and a connection is established to one of the 9iAS servers over http. The browser continues to show the icon, but the forms application appears to 'hand off' the connection to the app server.  This is highlighted where I enforce a rule on zonealarm (on the app server) to accept traffic from the webcache ip address only - I get a zonealarm msg box indicating that a request from the users own ip address has been blocked.

My question - is it possible to route all connections through webcache, and channel all user connections through that box to the app servers.

I would very very very grateful if someone could answer this question really fast.

Many thanks

Pat
0
Comment
Question by:pmkenna
  • 2
5 Comments
 
LVL 23

Expert Comment

by:seazodiac
ID: 11984371
that's kind of easy.

You need to configure Oracle Application SErvers in their httpd.conf so that they will filter out all the IPs except the one from Web cache server.


0
 

Author Comment

by:pmkenna
ID: 11985901
Hi,

not so easy I think.  The user's 6i forms session attempts to connect directly to the app server, and not through the webcache.  So though the initial connection to webcache is on ssl, the handed off connection is not.

A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.

Pat
0
 
LVL 23

Accepted Solution

by:
seazodiac earned 250 total points
ID: 11990183
your comments--->The user's 6i forms session attempts to connect directly to the app server, and not through the webcache.  So though the initial connection to webcache is on ssl, the handed off connection is not.

I think only those sessions that don't have cached data in Webcache, will be routed again to App server.  the form data, to some extent , is cached in web cache.



your comments-->A solution is to enable ssl on the app servers, but there is a technical reason why I am trying to avoid that.

Yes, your only solution with Web cache server and app server on different machine is to enable SSL on App server too.

but You don't need enable SSL on app server if you put your Webcache server on the same machine as App server (there is not network traffic)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
JBoss 6 deployment of war file error 2 134
Session migration 1 105
some methods private some are not 8 212
Multi-threading in Tomcat 4 155
This exercise is about for the following scenario: Dmgr and One node with 2 application server. Each application server contains it owns application. Application server name as follows server1 contains app1 server2 contains app1 Prereq…
This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question