httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Hasicek <martin.hasi...@gmail.com>
Subject Re: [users@httpd] Citrix behind Apache HTTP reverse proxy sever problem
Date Sun, 07 Oct 2012 16:42:52 GMT
Hi after first look, configuration of apache looks fine. Please try to view
source code of https://proxyserver.domain2.com/citrix/xenapp. Somewhere
should be link, which is relative (like href="./citrix/...") or absolute
(like href="https://proxyserver.domain2.com/citrix/..."). I expect, it is
absolute and this cause your problem (because instead of proxyserver you
have in url your secutiryGW).

Apache proxy has nothing with content which is served by Citrix. It means,
problem is on your side. I'm not so familiar with citrix to point you on
right place, but short google search should solve your problem.

mh

On Sun, Oct 7, 2012 at 6:31 PM, Yuriy Medvedev <ymed@yandex.ru> wrote:

> Hello,
>
>
> I am a Citrix Admin and unfamiliar with Apache.
> Our Apache admins said me that I need to reconfigure my Citrix setup.
> But I think that Apache admins must reconfigure their Apache server. 8)
> I need an impartial judge!
>
>
> We have the next setup:
>
>
> external clients-------> Apache HTTP Server (reverse proxy
> configured)--------->Firewall----->Citrix Secure Gateway (Citrix Web
> Interface on the same server)--------Citrix Farm(Servers with Applications).
>
>
> Apache Server resides in external network, but Citrix Secure Gateway and
> Farm reside in internal network.
> Apache server exposes internal address of Citrix Secure Interface (
> https://secgateway.domain1.com/citrix/xenap) as
> https://proxyserver.domain2.com/citrix/xenapp
> External clients launch programs from Citrix farm using Web interface
> https://proxyserver.domain2.com/citrix/xenapp address.
> Clients use HTTPS to connect to Citrix Secure Gateway.
>
> PROBLEM: When client connects to Citrix Secure Gateway (Web Interface) it
> connects via Apache HTTP server (I see it by meanse of netstat -a command).
> But when client launches any application clicking on Web Interface icon,
> the citrix client is trying to connect to Cirtrix Secure Gateway directly
> omitting the Apache HTTP Server!
> But Cirtrix Secure Gateway IP is behind the firewall and application did
> not launch with error.
> When user launches app via proxy server, the ica-file redirects user to
> secgateway.domain1.com rather then to proxyserver.domain2.com. We must
> open ports on firewall to Secure Gateway too.
> This is a security problem for us. Is it possible to launch apps only via
> one Apache proxy server?
> We need all traffic (ICA and HTTPS) go through Apache! We need a
> possibility to launch apps from XenApp farm by means of connecting Apache
> HTTP server (IBM HTTP Server 7.0) rather then Secure Gateway.
>
>
> Below IBM HTTP Server 7.0 httpd.conf from our Apache admins:
>
>
> Listen 0.0.0.0:443
> <VirtualHost *:443>
> SSLEnable
> #SSLProtocolDisable SSLv2
> SSLClientAuth none
> SSLProxyEngine on
> SSLCipherSpec 34
> SSLCipherSpec 35
> SSLCipherSpec 3A
> SSLCipherSpec 33
> SSLCipherSpec 36
> SSLCipherSpec 39
> SSLCipherSpec 32
> SSLCipherSpec 31
> SSLCipherSpec 30
> #Citrix
> <Location /Citrix>
> order deny,allow
> allow from all
> </Location>
> ProxyPass /Citrix https://secgateway.domain1.com/citrix/xenapp
> ProxyPassReverse /Citrix https://secgateway.domain1.com/citrix/xenapp
> </VirtualHost>
>
> Thank you for any help!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message