HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief



Similar documents
ProxySG TechBrief Implementing a Reverse Proxy

Reverse Proxy with SSL - ProxySG Technical Brief

ProxySG TechBrief Downloading & Configuring Web Filter

ProxySG TechBrief Enabling Transparent Authentication

Downloading and Configuring WebFilter

Implementing Exception Pages

LDAP Authentication and Authorization

Blue Coat Security First Steps Solution for Controlling HTTPS

ProxySG TechBrief LDAP Authentication with the ProxySG

Implementing SSL Offload with JAGUAR Ver.1.0

Executive Summary. What is Authentication, Authorization, and Accounting? Why should I perform Authentication, Authorization, and Accounting?

How to configure the Panda GateDefender Performa explicit proxy in a Local User Database or in a LDAP server

Deploying F5 to Replace Microsoft TMG or ISA Server

Deploying the SSL Proxy

Blue Coat Security First Steps Solution for Deploying an Explicit Proxy

Contact Information. Document Number: Document Revision: SSL Proxy Deployment Guide SGOS 5.1.4

DEPLOYMENT GUIDE Version 2.1. Deploying F5 with Microsoft SharePoint 2010

Blue Coat Security First Steps Solution for Integrating Authentication

ProxySG ICAP Integration

Best Practices for Controlling Skype within the Enterprise. Whitepaper

Best Practices for Controlling Skype within the Enterprise > White Paper

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5

DEPLOYMENT GUIDE. Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0

Configuring Load Balancing

ISA Server Plugins Setup Guide

Reverse Proxy for Trusted Web Environments > White Paper

WAN Optimization for Microsoft SharePoint BPOS >

How To Configure SSL VPN in Cyberoam

Reverse Proxy Guide. Version 2.0 April 2016

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

Secure Web Appliance. Reverse Proxy

Reverse Proxy Deployment Guide

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Blue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.3.1

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

Blue Coat Systems. Client Manager Redundancy for ProxyClient Deployments

Blue Coat Security First Steps Transparent Proxy Deployments

MultiSite Manager. Using HTTPS and SSL Certificates

Setup Guide Access Manager 3.2 SP3

Security IIS Service Lesson 6

Blue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.5.x and later

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v9.x with Microsoft IIS 7.0 and 7.5

How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS)

User Identification and Authentication

Integrated SSL Scanning

Web Security Firewall Setup. Administrator Guide

DEPLOYMENT GUIDE DEPLOYING F5 WITH SAP NETWEAVER AND ENTERPRISE SOA

SafeNet Authentication Service

Configuring Citrix NetScaler for IBM WebSphere Application Services

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP system v10 with Microsoft Exchange Outlook Web Access 2007

Deploying the BIG-IP System with Oracle E-Business Suite 11i

Secure Web Service - Hybrid. Policy Server Setup. Release Manual Version 1.01

Resonate Central Dispatch

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Microsoft Exchange Server 2007

Active Directory Integration with Blue Coat

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1

Secure Web Appliance. SSL Intercept

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES

HOW TO CONFIGURE PASS-THRU PROXY FOR ORACLE APPLICATIONS

Table of Contents. Chapter 1: Installing Endpoint Application Control. Chapter 2: Getting Support. Index

Blue Coat Security First Steps. Solution for HTTP Object Caching

Deployment Guide Microsoft IIS 7.0

User Guide. You will be presented with a login screen which will ask you for your username and password.

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.

Deploying the BIG-IP System v10 with SAP NetWeaver and Enterprise SOA: ERP Central Component (ECC)


Implementing an SSL security on AppliDis Servers running under Windows 2008 Server R2

F5 Big-IP LTM Configuration: HTTPS / WSS Offloading

Citrix Receiver for Mobile Devices Troubleshooting Guide

How To Plan A Desktop Workspace Infrastructure

Application Note. Configuring McAfee Firewall Enterprise for McAfee Web Protection Service

SuperLumin Nemesis. Administration Guide. February 2011

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

bbc Adobe LiveCycle Data Services Using the F5 BIG-IP LTM Introduction APPLIES TO CONTENTS

Installation and configuration guide

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Installation Procedure SSL Certificates in IIS 7

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12

Masters Project Proxy SG

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5

Deploying the BIG-IP System v10 with Oracle Application Server 10g R2

7.0 Self Service Guide

DameWare Server. Administrator Guide

Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG

Integrated Citrix Servers

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP SYSTEM WITH MICROSOFT INTERNET INFORMATION SERVICES (IIS) 7.0

Blue Coat Security First Steps Solution for Integrating Authentication Using LDAP

White Paper. Enterprise IPTV and Video Streaming with the Blue Coat ProxySG >

DEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services

SSL Interception on Proxy SG

Application Layer vs. TCP Layer WAN Optimization > White Paper

Technical Note. Configuring Outlook Web Access with Secure WebMail Proxy for eprism

Setup Guide Access Manager Appliance 3.2 SP3

Creating a Secure Web Service In Informatica Data Services

Introduction to Mobile Access Gateway Installation

Facility Connect API: Setup & Troubleshooting. Version 1

CA NetQoS Performance Center

DIGIPASS Authentication for Cisco ASA 5500 Series

IIS Reverse Proxy Implementation

Transcription:

ProxySG TechBrief Reverse Proxy with SSL What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the basis for a robust and flexible reverse proxy solution. In addition to web policy management, content filtering, blocking, Web content virus-scanning and network protection, companies can implement a reverse proxy solution (with SSL) front ending their Web applications for greater security and Web performance. Reverse proxy with the ProxySG provides the following advantages: The ProxySG terminates the session with the client and establishes another session with the Web server thereby offloading this process from the Web server. The Web server only sees the IP address of the ProxySG Granular policies with authentication, authorization and logging can be implemented The ProxySG has built in DOS (Denial of Service) protecting the Web servers from these types of attacks The server identity can be hidden by the ProxySG Increased performance with caching provides an improved Web experience Moreover with SSL, the ProxySG terminates the SSL session with the client and forwards traffic to origin server via HTTP, offloading the Web server of this task. The ProxySG s flexible advanced forwarding architecture coupled with caching provides organizations a best-of-breed solution to leverage their network infrastructure. Why implement Reverse Proxy with SSL with Blue Coat? Reverse proxy with SSL on the Blue Coat ProxySG provides flexibility to network administrators in defining scalable secured Web services. HTTPS connections are terminated on the ProxySG. The ProxySG obtains content (not currently in cache) from the origin server via HTTP. The following diagram presents this design. HTTPS HTTP Client ProxySG Web Server 1 Technical Brief

Implement Reverse Proxy with SSL There are four steps to implement Reverse Proxy with SSL on the ProxySG: 1. Configure the SSL keypair/certificate 2. Configure advanced forwarding hosts 3. Configure advanced forwarding rules 4. Test the configuration Note: In order to prevent the ProxySG from being used as an open proxy you can also implement these steps: 1. The default policy or first layer must be set to DENY 2. After DENY there must be a policy layer to explicitly allow the URLs to be forwarded 3. Then add the forwarding layer Step 1 Configure the SSL keypair/certificate To configure the SSL keyring/certificate, open the Blue Coat Management interface on the ProxySG. Go to Configuration SSL Keyrings as shown in the following example. Click on Create. In this example the keyring is called sslserver. 2 Technical Brief

Click on OK, this will create the public/private key for this new keyring. Now, a certificate needs to be created or imported for this keyring. You could use a self signed certificate (which may cause warnings in the browser) or request a CertificateSigningRequest to a valid CA authority that will return you a signed certificate understood by browsers. To perform these tasks go into the SSL certificates tab. Select the keyring we have just created (sslserver). Click on Create to create the certificate signing request. If you select the certificate signing request, you will need to send that information to a CA authority that will return you a signed certificate to import into the ProxySG. In our example, we will create a self-signed certificate. Click on Create under certificate: 3 Technical Brief

Fill in the corresponding information. Note: the common name is the URL that will be entered by the users this is the name of the hostname of the SSL service Click OK You will see the following: The next step is to assign this keyring to the HTTPS service. In the Blue Coat Management console, go into Services Service Ports as shown here: 4 Technical Brief

Click on create. Select a HTTPS service; choose the port 443 as explicit and select the certificate we have created. 5 Technical Brief

Click on OK and Apply. Step 2 Configure Advanced Forwarding hosts The second step is to define the back end servers to obtain the content from. This is defined in the forwarding hosts section of the configuration. Using the Blue Coat Management console, go to Forwarding Forwarding Hosts as shown in the next example. 6 Technical Brief

Open the text editor and add the following to the forwarding file: fwd_host mywebserver1 <ipaddressofhtewebserver> http=80 server 7 Technical Brief

Click on Install. Step 3 Configure Advanced Forwarding rules The advanced forwarding rules are implemented via the Blue Coat Visual Policy Manager. Open the Visual Policy Manager on the ProxySG as shown here. Create a Forwarding Layer called forwarding Next, create a forwarding rule with the following policy criteria. Examples of each step of this configuration are shown in subsequent screens. Source= any Destination = protocol scheme = https and host : www.foo.com (what users will type in their browsers ie url seen by users) Service = any Action = Select Forwarding Time = any Tracking = none 8 Technical Brief

9 Technical Brief

After you have completed the entry of this information, click on OK. Next, select the Action tab to set the parameters for this step. 10 Technical Brief

Click OK twice. Finally, click on Install Policy to install the policy to the ProxySG. In this example users requesting https://www.foo.com will get content from http://www.bluecoat.com Note: you will need to make sure that www.foo.com resolves to the IP address of your ProxySG. 11 Technical Brief

Step 4 Test your configuration The last step is to validate that reverse proxy with SSL is working. Be sure to resolve www.foo.com to the IP address of your ProxySG and request with a Web browser https://www.foo.com. You will see the www.bluecoat.com site secured. Caveats It is possible that the origin Web server references links to HTTP instead of relative links. This may cause certain pages to reference the origin Web server. In this case you will need to install the following local policy that uses the TwoWayURLRewrite function: <Proxy> url.host=www.foo.com action.bluecoat_server_portal(yes) ; This transformation provides server portaling define url_rewrite bluecoat_portal caseless subst_embedded "https://www.foo.com/" "http://www.bluecoat.com/" end ; This action runs the transform for bluecoat server portaling for http ; content ; Note that the action is responsible for rewriting related headers define action bluecoat_server_portal ; request rewriting 12 Technical Brief

rewrite( url, "^https://www\.foo\.com/(.*)", "http://www.bluecoat.com/$(1)", cache, server ) rewrite( request.header.referer, "^https://www\.foo\.com/(.*)", "http://www.bluecoat.com/$(1)" ) ; response rewriting transform bluecoat_portal end Conclusion The ProxySG provides powerful reverse proxy capabilities allowing an organization to terminate SSL on the ProxySG and make content requests in behalf of the user to the origin server. An enterprise can achieve greater performance and security benefits by implementing a reverse proxy with SSL solution on their network. Copyright 2005 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable. However, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Contact Blue Coat Systems 1.866.30BCOAT 408.220.2200 Direct 408.220.2250 Fax www.bluecoat.com 13 Technical Brief

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information