Proxy Services and Nodes

From Exchange Network Wiki

Jump to: navigation, search

Node administrators that operate under a consolidated service delivery program by their state, may be approached by the security folks to place a proxy service in front of his or her node. This sounds good as the proxy services do indeed mask back-end server identities and can also provide SSL Certificates. One function is to prevent too much information from being returned during a fault event, however. At least one vendor (Novell) of proxy and security services, implements this to mean that any level 500 HTTP error is returned as a web page, rather than our EN defined SOAP Fault message. Considerable time and effort can be spent diagnosing this problem but is not something that Novell is changing, for valid reasons. Be aware that this can happen if your security folks approach you.

Also be aware that an incoming request to a proxy server must have the incoming IP address passed to your node application in order for the SSL handshaking to succeed. Look for an X-forward-for parameter. Nodes directly validate to the NAAS, without going through the proxy service on the way out. If you get the proxy IP this validation will fail. Trust me.

Tom Aten Wisconsin DNR

Retrieved from "http://www.exchangenetworkwiki.com/wiki/index.php/Proxy_Services_and_Nodes"
Personal tools