• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 529
  • Last Modified:

Web Relay / Proxy

Hello All,

I have a scenario that I am trying to provide a solution for - Users access their email (Lotus Notes) via a Citrix infrastructure, which consists of over 100 servers.  They have a Finance server which sits behind a firewall in a DMZ which hosts a website, they receive emails that contain a URL to this website, when they click this link it opens IE within the Citrix session (with the Citrix server IP Address), and at present this does not work as this port 80 or 443 traffic is blocked by the firewall.

Now we do not want to open up the firewall to the hundreds of Citrix server IP addresses, so what I would prefer is to create some sort of web relay, so that we only have to open up the firewall for the relay server rather than the entire Citrix server estate. Is this possible?

Cheers

V.
0
vision_on
Asked:
vision_on
  • 3
  • 3
1 Solution
 
eappiahCommented:
You could setup a reverse proxy for http/https and only open up communication in the firewall for that server to the dmz server.

Then the citrix servers would access that 1 server.
I'd suggest Apache or IIS for this solution.
0
 
vision_onAuthor Commented:
Hello eappiah,

Thanks for your response.  If I were to use IIS to create the reverse proxy, what version of IIS would be required?  I think I only have IIS6 available...

Also would this use the IIS Add-in "Application Request Routing"?

Cheers

V.
0
 
eappiahCommented:
I believe the IIS6 does not have this feature inbuilt or you need some 3rd party modules(?!).
Think (as in not sure) you needed a Microsoft ISA Server to get this function.

Only tested this on IIS7 following some guide I googled but I never actully used it for more then in a very small test case.

I only have "real" experience with Apache (mostly on Linux but also windows , it's the same really).
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
vision_onAuthor Commented:
Yeah thats the conclusion that I have come to, I would need to implement an ISA server, if I can't get IIS 7

For IIS 7 I would also need a Windows 2008 server

Unfortunately Apache is not an option for me in this environment.

Do you have any experience with 3rd party modules that you mention?
0
 
eappiahCommented:
Nope, none sorry.

It's always been Apache installs for just that reason! Implementing ISA has always been too expensive and to much work. Might be different nowdays ,have not had any customers running ISA for ages...

There's also other webservers/proxys that are not Apache that can be used but I have no experience at all.

You got Linux? You run Apache
You got Windows? You run IIS7 or Apache.
That's what my "world" looks like.
0
 
DangItMarilynCommented:
Being that you're on a windows machine already a more simple solution might be to install CCProxy and run everything through their ultrasimple interface. The program runs for years without a hiccup. I've used it on a remote server without issues since 2006 or thereabouts.
0
 
vision_onAuthor Commented:
Hello DangitMarilyn,

Thanks for your response, however, I am unable to install such a product in this environment.
Looks like I will need to install ISA or a 2008 webserver...

Cheers
V.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now