If your environment consists of a topology that includes a Web
server, you must configure it as a trusted secure proxy server. By configuring
the secure proxy server, you can inform the on demand router (ODR) that the
Web server is a trusted secure proxy so that the ODR can receive requests.
Before you begin
You must first create an ODR, a proxy with advanced capabilities
that WebSphere® Virtual Enterprise uses to route work
to application server nodes. See Creating ODRs
for
more details.
About this task
A Web server should be configured as a trusted secure proxy because
a trusted security proxy is allowed to pass information such as the virtual
host name, or user identity to the ODR in private HTTP headers. Web servers
read incoming requests to verify which ODR they are routed to. Private headers
received from an untrusted proxy are discarded by the ODR. This configuration
field enables intermediaries other than the ODR server to handle the request
by explicitly telling the ODR that it is to trust them. A trusted security
proxy receives requests prior to the ODR and then forwards requests to the
ODR. For example, when the Web server with the WebSphere Application Web server
plugin forwards requests to the ODR, the Web server must be configured as
a trusted security proxy.
Figure 1. Example topology of a simple WebSphere Virtual Enterprise environment supported configuration
including a Web server
Procedure
- To configure a Web server as a trusted proxy server, in the administrative
console, click Servers > On Demand Routers> on_demand_router_name >
On Demand Router Properties > On Demand Router settings.
- Specify the name of the Web server in the Trusted Security
Proxies. This configuration field enables intermediaries
other than the ODR server to handle the request by explicitly telling the
ODR that it can trust the Web server you specify. Use an internet protocol
or fully-qualified host name in this field. For example, myhost.com or
an IP address such as 10.1.1.1.
- Click Apply.
- Click Save.
Results
Your Web server is now configured as a trusted proxy server.