Connecting through proxy servers  Using reverse proxies

Chapter 12: Deploying Applications Around Proxies and Firewalls

Using Web proxies

Web proxies typically act as a gateway for outgoing connections from a group of workstations. Web proxies can be used to enhance network security, for example, a proxy may constrain which servers clients can connect to and which protocols may be used, and log outgoing connections. Web proxies may also be used to improve network performance, by caching the results of frequently executed Web requests. Web proxies are also referred to as HTTP-connect-based proxies. Figure 12-1 illustrates how clients connect to servers through a Web proxy:

Figure 12-1: Connecting through a Web proxy

Clients connect to EAServer through a Web proxy as follows:

  1. Using the HTTP protocol The client connects over the Internet to the Web proxy, embedding the destination server address inside a specially formatted HTTP connect request.

  2. The Web proxy connects to the host and port indicated in the initial HTTP connect request.

  3. Subsequent traffic is forwarded unchanged between the client and server until the connection is closed.

Java applets can use the built-in proxy configuration provided by Web browsers such as Netscape Navigator. See your Web browser’s documentation for information on configuring proxy addresses. For applets running in a Web browser, HTTP and HTTPS-tunnelled IIOP connections automatically use the browser’s proxy connection settings. HTTP-tunnelled IIOP connections go through the browser’s configured HTTP proxy. HTTPS-tunnelled IIOP connections go through the browser’s configured secure proxy.

Other applications must specify the Web proxy address by setting the Web proxy host and port in the properties described below.


Properties that affect Web proxy use

Table 12-1 describes the client properties that configure connections that must be opened through a Web proxy. You must set these properties in addition to any properties that you would set to connect directly to EAServer.

Table 12-1: Properties that affect Web proxy use

C++/ActiveX/ PowerBuilder property

CORBA property

EJB property

Specifies

ORBWebProxyHost or environment variable JAG_WEBPROXYHOST

com.sybase.CORBA. WebProxyHost

com.sybase.ejb. WebProxyHost

Specifies the host name or IP address of the Web proxy server. Does not apply to Java applets running in a Web browser, which use the proxy address specified by the browser’s proxy configuration. There is no default for this property, and you must specify both the host name and port number properties.

ORBWebProxyPort or environment variable JAG_WEBPROXYPORT

com.sybase.CORBA. WebProxyPort

com.sybase.ejb. WebProxyPort

Specifies the port number at which the Web proxy server accepts connections. Does not apply to Java applets running in a Web browser, which use the proxy address specified by the browser’s proxy configuration. There is no default for this property, and you must specify both the host name and port properties.

ORBHttp or environment variable JAG_HTTP

com.sybase.CORBA. http

com.sybase.ejb. http

By default, the client ORB attempts to open IIOP connections, then attempts an HTTP-tunnelled connection if plain IIOP fails. Since Web proxy connections require HTTP tunnelling, set this to true to eliminate the performance overhead of trying plain IIOP connections before trying HTTP-tunnelled IIOP.

ORBHttpExtraHeader or environment variable JAG_HTTPEXTRAHEADER

com.sybase.CORBA. HttpExtraHeader

com.sybase.ejb. HttpExtraHeader

An optional setting to specify what extra information is appended to the header of each HTTP packet sent to the Web proxy server. There is no need to set this property unless your HTTP proxy server has special protocol requirements. By default, the following line is appended to each packet:

User-agent: Jaguar/major.minor

where major and minor are the major and minor version numbers of your EAServer client software, respectively.

You can set this property to specify text to be included at the end of each HTTP header. If multiple lines are included in the setting, they must be separated by carriage return and line feed characters. If the setting does not include a “User-agent: ” line, then the default setting above is included in the HTTP header.

N/A.

com.sybase.CORBA. useJSSE

com.sybase.ejb. useJSSE

Use the Java Secure Sockets Extension (JSSE) classes for secure HTTP tunnelled (HTTPS protocol) connections. JSSE provides an alternative to the built-in SSL implementations when secure connections are needed from an applet running in a Web browser. Additional configuration may be required to use this option. See “Using Java Secure Socket Extension classes” for more information.





Copyright © 2005. Sybase Inc. All rights reserved. Using reverse proxies