Web Relay / Proxy

Hello All,

I have a scenario that I am trying to provide a solution for - Users access their email (Lotus Notes) via a Citrix infrastructure, which consists of over 100 servers.  They have a Finance server which sits behind a firewall in a DMZ which hosts a website, they receive emails that contain a URL to this website, when they click this link it opens IE within the Citrix session (with the Citrix server IP Address), and at present this does not work as this port 80 or 443 traffic is blocked by the firewall.

Now we do not want to open up the firewall to the hundreds of Citrix server IP addresses, so what I would prefer is to create some sort of web relay, so that we only have to open up the firewall for the relay server rather than the entire Citrix server estate. Is this possible?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You could setup a reverse proxy for http/https and only open up communication in the firewall for that server to the dmz server.

Then the citrix servers would access that 1 server.
I'd suggest Apache or IIS for this solution.
vision_onAuthor Commented:
Hello eappiah,

Thanks for your response.  If I were to use IIS to create the reverse proxy, what version of IIS would be required?  I think I only have IIS6 available...

Also would this use the IIS Add-in "Application Request Routing"?


I believe the IIS6 does not have this feature inbuilt or you need some 3rd party modules(?!).
Think (as in not sure) you needed a Microsoft ISA Server to get this function.

Only tested this on IIS7 following some guide I googled but I never actully used it for more then in a very small test case.

I only have "real" experience with Apache (mostly on Linux but also windows , it's the same really).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

vision_onAuthor Commented:
Yeah thats the conclusion that I have come to, I would need to implement an ISA server, if I can't get IIS 7

For IIS 7 I would also need a Windows 2008 server

Unfortunately Apache is not an option for me in this environment.

Do you have any experience with 3rd party modules that you mention?
Nope, none sorry.

It's always been Apache installs for just that reason! Implementing ISA has always been too expensive and to much work. Might be different nowdays ,have not had any customers running ISA for ages...

There's also other webservers/proxys that are not Apache that can be used but I have no experience at all.

You got Linux? You run Apache
You got Windows? You run IIS7 or Apache.
That's what my "world" looks like.
Being that you're on a windows machine already a more simple solution might be to install CCProxy and run everything through their ultrasimple interface. The program runs for years without a hiccup. I've used it on a remote server without issues since 2006 or thereabouts.
vision_onAuthor Commented:
Hello DangitMarilyn,

Thanks for your response, however, I am unable to install such a product in this environment.
Looks like I will need to install ISA or a 2008 webserver...

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.