Using Firewalls with Reverse Proxy Servers
Image: Firewall and reverse proxy setup
You can set up a buffer zone in front of the portal web server to prevent unauthorized access to the portal web server and create a more secure environment. A buffer zone is typically configured with a firewall that allows access to a reverse proxy server, which relays incoming requests through a second firewall to the portal web server. This diagram shows this setup:
The configuration is similar to that for configuring a portal running under SSL to use HTTP connections to the PeopleSoft Pure Internet Architecture on the same server; however, you must make these adjustments in the web profile:
|
Web Profile Page |
Field Name |
Field Value |
|---|---|---|
|
Security |
PIA use HTTP Same Server |
Selected. |
|
Virtual Addressing |
Protocol(in the Default Addressing region of the page) |
HTTPS. |
|
Virtual Addressing |
Name(in the Default Addressing region of the page) |
The DNS name of the reverse proxy server, for example, portal.corp.com. |
|
Virtual Addressing |
Port(in the Default Addressing region of the page) |
The port on which the reverse proxy server is listening for HTTPS requests if it's different from the port on which the web server is listening. |
Hosts File Setup
The hosts file on the portal web server must have an entry that directs DNS requests for the content provider server name (the reverse proxy server in the previous example) to the portal web server, for example, 123.456.345.02. This enables the portal to make requests for content that is hosted on the same server directly without going back through the reverse proxy server.
For example:
123.456.345.02 portal.corp.com