httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yuriy Medvedev <y...@yandex.ru>
Subject [users@httpd] Citrix behind Apache HTTP reverse proxy sever problem
Date Sun, 07 Oct 2012 16:31:35 GMT
Hello,


I am a Citrix Admin and unfamiliar with Apache. 
Our Apache admins said me that I need to reconfigure my Citrix setup.
But I think that Apache admins must reconfigure their Apache server. 8)
I need an impartial judge!


We have the next setup:


external clients-------> Apache HTTP Server (reverse proxy configured)--------->Firewall----->Citrix
Secure Gateway (Citrix Web Interface on the same server)--------Citrix Farm(Servers with Applications).


Apache Server resides in external network, but Citrix Secure Gateway and Farm reside in internal
network.
Apache server exposes internal address of Citrix Secure Interface (https://secgateway.domain1.com/citrix/xenap)
as https://proxyserver.domain2.com/citrix/xenapp
External clients launch programs from Citrix farm using Web interface https://proxyserver.domain2.com/citrix/xenapp
address.
Clients use HTTPS to connect to Citrix Secure Gateway.

PROBLEM: When client connects to Citrix Secure Gateway (Web Interface) it connects via Apache
HTTP server (I see it by meanse of netstat -a command).
But when client launches any application clicking on Web Interface icon, the citrix client
is trying to connect to Cirtrix Secure Gateway directly omitting the Apache HTTP Server!
But Cirtrix Secure Gateway IP is behind the firewall and application did not launch with error.
When user launches app via proxy server, the ica-file redirects user to secgateway.domain1.com
rather then to proxyserver.domain2.com. We must open ports on firewall to Secure Gateway too.
This is a security problem for us. Is it possible to launch apps only via one Apache proxy
server?
We need all traffic (ICA and HTTPS) go through Apache! We need a possibility to launch apps
from XenApp farm by means of connecting Apache HTTP server (IBM HTTP Server 7.0) rather then
Secure Gateway.


Below IBM HTTP Server 7.0 httpd.conf from our Apache admins:


Listen 0.0.0.0:443
<VirtualHost *:443>
SSLEnable
#SSLProtocolDisable SSLv2
SSLClientAuth none
SSLProxyEngine on
SSLCipherSpec 34
SSLCipherSpec 35
SSLCipherSpec 3A
SSLCipherSpec 33
SSLCipherSpec 36
SSLCipherSpec 39
SSLCipherSpec 32
SSLCipherSpec 31
SSLCipherSpec 30
#Citrix
<Location /Citrix>
order deny,allow
allow from all
</Location>
ProxyPass /Citrix https://secgateway.domain1.com/citrix/xenapp
ProxyPassReverse /Citrix https://secgateway.domain1.com/citrix/xenapp
</VirtualHost>

Thank you for any help!


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message