Sun Java System Web Proxy Server 4.0.2 2005Q4 Administration Guide

Forwarding the Client IP Address to the Server

The Forward Client Credentials page is used to configure the proxy to send client credentials to the remote server.

ProcedureTo configure the proxy to send client IP addresses

Steps
  1. Access the Server Manager and click the Routing tab.

  2. Click the Forward Client Credentials link. The Forward Client Credentials page displays.

  3. Select the resource from the drop-down list or click the Regular Expression button, enter a regular expression and click OK.

  4. Change the following options as required:

    • Client IP Addressing Forwarding. The Proxy Server does not send the client’s IP address to remote servers when making requests for documents. Instead, the proxy acts as the client and sends its IP address to the remote server. However, there are times when you might want to pass on the client’s IP address:

      • If your proxy is one in a chain of internal proxies.

        • If your clients need to access servers that depend on knowing the client’s IP address. You can use templates to send the client’s IP address only to particular servers.

          Select one of the options to configure the proxy to send client IP addresses:

        • Default. Enables the Proxy Server to forward the client’s IP addresses.

        • Blocked. Does not allow the proxy to forward the client’s IP addresses.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding IP addresses. The default HTTP header is named Client-ip, but you can send the IP address in any header you choose.

        Client Proxy Authentication Forwarding. Select one of the options to configure the proxy to send the client’s authentication details:

        • Default. Enables the Proxy Server to forward the client’s authentication details.

        • Blocked. Does not allow the proxy to forward the client’s authentication details.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding authentication details.

        Client Cipher Forwarding. Select one of the options to configure the proxy to send the name of the client’s SSL/TLS cipher suite to remote servers:

        • Default. Enables the Proxy Server to forward the name of the client’s SSL/TLS cipher suite to remote servers.

        • Blocked. Does not allow the proxy to forward the name of the client’s SSL/TLS cipher suite to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the name of the client’s SSL/TLS cipher suite to remote servers. The default HTTP header is named Proxy-cipher, but you can send the name of the client’s SSL/TLS cipher suite in any header you choose.

        Client Keysize Forwarding. Select one of the options to configure the proxy to send the size of the client’s SSL/TLS key to remote servers:

        • Default. Enables the Proxy Server to forward the size of the client’s SSL/TLS key to remote servers.

        • Blocked. Does not allow the proxy to forward the size of the client’s SSL/TLS key to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the size of the client’s SSL/TLS key to remote servers. The default HTTP header is named Proxy-keysize, but you can send the size of the client’s SSL/TLS key in any header you choose.

        Client Secret Keysize Forwarding. Select one of the options to configure the proxy to send the size of the client’s SSL/TLS secret key to remote servers:

        • Default. Enables the Proxy Server to forward the size of the client’s SSL/TLS secret key to remote servers.

        • Blocked. Does not allow the proxy to forward the size of the client’s SSL/TLS secret key to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the size of the client’s SSL/TLS secret key to remote servers. The default HTTP header is named Proxy-secret-keysize, but you can send the size of the client’s SSL/TLS secret key in any header you choose.

        Client SSL Session ID Forwarding. Select one of the options to configure the proxy to send the client’s SSL/TLS session ID to remote servers:

        • Default. Enables the Proxy Server to forward the client’s SSL/TLS session ID to remote servers.

        • Blocked. Does not allow the proxy to forward the client’s SSL/TLS session ID to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the client’s SSL/TLS session ID to remote servers. The default HTTP header is named Proxy-ssl-id, but you can send the client’s SSL/TLS session ID in any header you choose.

        Client Issuer DN Forwarding. Select one of the options to configure the proxy to send the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers:

        • Default. Enables the Proxy Server to forward the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers.

        • Blocked. Does not allow the proxy to forward the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the distinguished name of the issuer of the client’s SSL/TLS certificate to remote servers. The default HTTP header is named Proxy-issuer-dn, but you can send the name of the issuer of the client’s SSL/TLS certificate in any header you choose.

        Client User DN Forwarding. Select one of the options to configure the proxy to send the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers:

        • Default. Enables the Proxy Server to forward the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers.

        • Blocked. Does not allow the proxy to forward the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the distinguished name of the subject of the client’s SSL/TLS certificate to remote servers. The default HTTP header is named Proxy-user-dn, but you can send the name of the subject of the client’s SSL/TLS certificate in any header you choose.

        Client SSL/TLS Certificate Forwarding. Select one of the options to configure the proxy to send the client’s SSL/TLS certificate to remote servers:

        • Default. Enables the Proxy Server to forward the client’s SSL/TLS certificate to remote servers.

        • Blocked. Does not allow the proxy to forward the client’s SSL/TLS certificate to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding the client’s SSL/TLS certificate to remote servers. The default HTTP header is named Proxy-auth-cert, but you can send the client’s SSL/TLS certificate in any header you choose.

        Client Cache Information Forwarding. Select one of the options to configure the proxy to send information about local cache hits to remote servers:

        • Default. Enables the Proxy Server to forward the information about local cache hits to remote servers.

        • Blocked. Does not allow the proxy to forward the information about local cache hits to remote servers.

        • Enabled Using HTTP Header. You can specify an HTTP header for the proxy to use when forwarding information about local cache hits to remote servers. The default HTTP header is named Cache-info, but you can send the information about local cache hits in any header you choose.

        Set Basic Authentication Credentials. Select one of the options to configure the proxy to send a HTTP request:

        • User. Specify the user to authenticate.

        • Password. Specify the user’s password.

        • Using HTTP Header. You can specify an HTTP header for the proxy to use to communicate the credentials.

  5. Click OK.

  6. Click Restart Required. The Apply Changes page displays.

  7. Click the Restart Proxy Server button to apply the changes.