WinGate Forums

[leyokumio]

Dear Sir / Madam
Our company is desired to use WINGATE as a proxy server to route user to another server if he/she doesn't have privilege to get access on our default server.
However, when I setup a lab to test these web server reverse function. I
Setup as follows:
Host A using window Xp and had install wingate using proxy server service and web service (accept HTTP request using port 8080) It also has upstream proxy too.
PC A trying to get access to Host A and it suppose to reverse to Host B
Host B is a Window 2008 R2 server with IIS on (accept HTTP request using port 80)

ts return an error "SSLTunnelling connect to host B (ip xx.xx.xx.xx):80 failed - bad response from HTTP server"
question 2 how to get another trial month after 30 days trial

[MattP]

Hi,

Do you need to reverse proxy in this case? You could just set the IIS server as the upstream proxy in the Connections tab in the WWW proxy and WinGate will forward the request to that server. You could use a Web Access Control rule to specify which users have access to the WinGate proxy, those that do will have their request forwarded to the IIS server via the WinGate WWW proxy, those that don't will get a request denied message.

We'll be happy to extend your trial, can you email sales@wingate.com with your Trial ID please?

Thanks,

Matt

[leyokumio]

It could be done if we are just independent department. However, we are a small session under a big company. We have proxy control via internet.
Eveyone has to through this proxy before getting out the internet. Also, our company's server have to serve people from our remote office (It could be different subnets). Problem is the uptream proxy must set our department's proxy to be able to get thru internet and we just have to route our staff without priviledge to another IIS server.
When wingate reversed from the major server to another IIS server, might it use another connection besides SSL tunneling. I have read relevant information
that protocol may not support by IIS. Also, our company major website are using ASP but not CGI or PHP, will it work if I just route to html pages.
I am not insist to do reverse function, any methods will do if it can solve my problem.
I have read your least update which talking about SSL tunneling fixed. However, I try to update to latest ver. It could not let me to do that.

[adrien]

Hi

With flow-chart policy, per request you can control connection mechanism for upstream. With an enterprise license there is a connection control item in policy. In all licenses you can alternatively use script to set:

* upstream connection method
* server and port
* credentials

etc

Regards

Adrien de Croy

[leyokumio]

Thx for your suggestion. How about the reverse func. If it can just select on a pull list is much more easier than figure it out how to set constraint to upstream server. We are not suppose to interrupt any traffic that are not in our control . Also, it is not our proxy server which is under networking team.
We are definitely need the routing function that can reverse some users that is not welcome by us and this action will not intervene their proxy.

[leyokumio]

Firstly, I have to apologize that I have misleaded you about our company needed reverse function. In fact that, we have to redirect a range of ip to disallow them to go to our web services and redirect them to another serever. Therefore, we need a proxy server. After your reply, I have tried the web server tag and redirection and it works fine. However, I still need to figure it out how to use wingate to restrict a range of IP to get access to our web service and redirect them to another server.
here is my case:
Host A contains a web service and restraint to a group of users or ip s to get access; (installed Wingate on this server)
Host B is a window server that Wingate redirect to
The rest is internet or intranet PC's users that want to get access to this service.
Only way we could do is to ask our users to set the proxy as a host A.
After all. the upsteam's proxy on Host A must set to be a proxy server that is not in control by us.
Which topic I should study? Since wingate's online documentation doesn't have a case study I could follow.
I have read that the HTTP proxy Server service automatically registered several events and they are controlled by policies. Does it means I can change the policy to restrict a range of IP or few group of users to get access to our server that has a web service.
Appreciated

[leyokumio]

Dear Sir
I am so frustrated on redirection of the unauthenicated users or range of IPs users since the web server tag only provides me to select one action when received http request. I could guess I can control the proxy respose event by modifying the policy to let user who are authorized to get into the server and the rest of unauthorized user will redirect to another site/ server. Now, I just can put all the http request to the redirected server. Also, is there anyway i can get a list of event's explanation or more in dept documentation?
Appreciated
Leo

[adrien]

Hi Leo

when you say redirect a bunch of users to another server, do you envisage doing that by

a) an http redirect (302 or 301 response with a new URL) which causes the client to re-request to a different server; or
b) pipe the request through to the different server (e.g. reverse proxy)

Sorry, it's still not clear to me exactly what you're trying to do.

if users on the internet will be using WinGAte to access the service, they won't want to set proxy configuration. So WinGate in this case will be a reverse proxy, and the client will just connect to the external IP, and be piped to the web app.

If the client is in the wrong IP range you could divert to another back end server or redirect to a URL.

So for reverse proxy, the event to work on is ServerRequest, since fundamentally that is the type of request that WinGate is processing.

If you have policy logic where you will divert any requests from a certain IP to somewhere else, you could do that in the Request event.

Probably ProxyRequest and ConnectRequest events should be denied (connect to a deny result).

When you talk about users vs IP addresses, does that mean the users will auth to the reverse proxy? You can control this with flow-chart policy as well.

It may be best if we connect to your system to help you set this up.

Regards

Adrien

[leyokumio]

Dear Sir
Solely, follow your rules, I set the proxy request's event if it match with certain IP patterns it will divert to my another server without a service and It came out fine. However, the case ip pattern can't be matched should allow access the server to use a services. But it returned SSL tunneling connection problem. It just like I am doing reverse function.
In fact my set up has to include third party as a upstream proxy the port is 8080 and all my setup set to listen 8080. If I didn't set that it will not happen correctly even divert function.
After all, I just wanna route some internal ips that are unwelcome from us to another server.
Any suggestion?
Appreciated

[leyokumio]

Dear Sir
Also, if the case allow is happened what will be happened. When I just set up web server tab in the proxy services to serve its provide a folder destination and the filename for me to fill in but in this case allow it doesn't have a place to fill in filename and path.

[leyokumio]

In another word, I just wanna know if incoming proxy request's policy hits the result that was set to be "ALLOW". It will screw and don't have response.
Afterwards, it will have this message

Network Error
Destination website server error. Please try again later or contact the destination website server administrator.
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

How could I set to be able to see my default page since if I set the web server tab to serve, it can let me set the folder and filename.

plx help me out