Hi all
I have a question and hope someone can help.
I would like to use WinGate to help us with the following requirement:
I have an internal server who needs to have access to multiple external servers via multiple (WinGate) proxies. The internal server needs to execute some web service commands to those servers. The application on that server can not be configured to use a proxy. So we would register the web service URLs for the web service like:
https://proxy1_server1/...
https://proxy1_server2/...
https://proxy2_server3/...
That internal server will be able to resolve the names proxy1_server1 to the IP of the proxy. Now I need some functionality on the proxy which redirects https://proxy1_server1/... now to https://real_name_of_external_server1/...
What is the best functionality to realize this scenario?
I assume we will need to use a web proxy, but how can the URL rewrite be done with WinGate?
Or is there a more elegant way of solving this issue?
Any feedback is welcome!
Thanks
Helmut
URL Rewrite
Moderator: Qbik Staff
2 posts
• Page 1 of 1
Re: URL Rewrite
by adrien » Oct 22 14 8:40 am
Hi Helmut
this can be done. What happens is that the servers making the requests will be making requests to WinGate as if it is a web server, so this is handled in the Web Server tab in the WWW proxy. The hosts headers in the requests will be proxy_server1, proxy_server2 etc, so you can use sites in the Web Server tab in the WWW proxy to match these and treat differently.
To re-write the request, you can use flow-chart policy. This allows you to assign new values to Request.Server, etc to build the new requests.
However since it's https, the client will verify the certificate used (which needs to be in the proxy) against the name it thinks it's connecting to, so you may need to
a) use 2-level domain names for the names to resolve to the proxy e.g. proxy1.local, proxy2.local
b) generate a wild-card cert for *.local and load it in the proxy.
c) have the cert trusted by the clients (your servers making the requests)
alternatively generate a certificate which has all the names you're using in the AltSubjectName fields.
An alternative approach might be a Proxifier client on the servers to convert connection requests into proxy requests. This would mean your servers would be configured to connect directly to the destination servers via a SOCKS or HTTP tunneling proxy.
Regards
Adrien de Croy
this can be done. What happens is that the servers making the requests will be making requests to WinGate as if it is a web server, so this is handled in the Web Server tab in the WWW proxy. The hosts headers in the requests will be proxy_server1, proxy_server2 etc, so you can use sites in the Web Server tab in the WWW proxy to match these and treat differently.
To re-write the request, you can use flow-chart policy. This allows you to assign new values to Request.Server, etc to build the new requests.
However since it's https, the client will verify the certificate used (which needs to be in the proxy) against the name it thinks it's connecting to, so you may need to
a) use 2-level domain names for the names to resolve to the proxy e.g. proxy1.local, proxy2.local
b) generate a wild-card cert for *.local and load it in the proxy.
c) have the cert trusted by the clients (your servers making the requests)
alternatively generate a certificate which has all the names you're using in the AltSubjectName fields.
An alternative approach might be a Proxifier client on the servers to convert connection requests into proxy requests. This would mean your servers would be configured to connect directly to the destination servers via a SOCKS or HTTP tunneling proxy.
Regards
Adrien de Croy
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 8 guests