Introduction

The Reverse Proxy Plug-in is a NSAPI plug-in designed for use with the Sun Java System Web Server 6.1 SP10 and later Service packs. Same functionality is now provided by 64-bit Reverse Proxy Plug-in (Solaris SPARC Only) which can be used with Sun Java System Web Server 6.1 SP10 and later Service packs.

A reverse proxy is a proxy that appears to be a web server (origin server) to clients but in reality forwards the requests it receives to one or more origin servers. Because a reverse proxy presents itself as an origin server, clients do not need to be configured to use a reverse proxy. By configuring a given reverse proxy to forward requests to multiple similarly configured origin servers, a reverse proxy can operate as an application level software load balancer. In a typical deployment one or more reverse proxies will be deployed between the browsers and the origin servers. Reverse proxy provides additional layer of protection between the public Internet and the origin servers. Web Server can be configured as Reverse Proxy server for any back end application servers.

The Reverse Proxy plug-in can be used in conjunction with the Sun Web Server features such as on-the-fly gzip compression, output filters, advanced Access Control Lists, and so on.

The Reverse Proxy plug-in includes support for the following features:

• HTTP/1.0 and HTTP/1.1 Compliance

• Credential Pass-through

• Authentication to Origin Servers

• Data Encryption

• Session Stickiness

• Simple Load Balancing

• Granular Error Logging

HTTP/1.0 and HTTP/1.1 Compliance

The Reverse Proxy plug-in issues HTTP/1.1 requests to origin servers and will accept HTTP/1.0 responses to requests. It will not upgrade incoming HTTP/1.0 requests to HTTP/1.1 in ways that are incompatible with HTTP/1.0 (for example, it will not add a Transfer-encoding: chunked header to a request).

Credential Pass-through

The Reverse Proxy plug-in passes through basic-auth and digest-auth credentials presented by the client. It encodes client certificates from the client and present them in proprietary headers that an appropriately coded application on the origin server can utilize.

Authentication to Origin Servers

The Reverse Proxy plug-in can be configured to present its own credentials to an origin server. The Reverse Proxy plug-in is capable of presenting basic-auth or utilizing a specified certificate nickname.

Data Encryption

The Reverse Proxy plug-in can utilize SSLv2, SSLv3 and TLS when making requests to origin servers.

Session Stickiness

The Reverse Proxy plug-in can be configured to recognize sticky cookies, and can have the name of the sticky cookies be configured.

Simple Load Balancing

The Reverse Proxy plug-in distributes load to several configured origin servers.

Granular Error Logging

The Reverse Proxy plug-in takes advantage of the Web Server's granular error logging capabilities such as config, failure, warning, fine, finer, and finest. See the Web Server documentation at for more detail.