AnsweredAssumed Answered

CA Access Gateway - Forward to destination Tomcat server via AJP protocol

Question asked by dmt953 on May 2, 2017
Latest reply on Aug 18, 2017 by kumsa29

Our current setup with SiteMinder Apache web agent:

 

Can the CA Access Gateway reverse proxy send requests to destination Tomcat server via AJP protocol rather than HTTP?  Currently we have an Apache web server frontend with SiteMinder web agent and this Apache web server act as a reverse proxy server to send to the Tomcat application server:

 

ProxyPass /app ajp://claritysandlb.regence.com:8009/app keepalive=On
ProxyPassReverse /app ajp://claritysandlb:8009/app

 

Due to our firewall and security policies we do not allow our tomcat servers to listen to HTTP but instead only on AJP port.  Moving away from the Apache web agent architecture and into the Access Gateway model we would need Access Gateway to send traffic to directly to the Tomcat app server via AJP protocol rather than HTTP/HTTPS.  Below is my proxy rule that I've tried but this did not work and I am not even sure if this is possible at all with Access Gateway.

 

<!-- Proxy Rules -->
<nete:proxyrules xmlns:nete="SPS Proxy Rule">
   <nete:cond type="host">
      <nete:case value="app.company.com:443">
         <nete:forward>ajp://tomcat.company.com:8009$1</nete:forward>
      </nete:case>
      <nete:default>
         <nete:forward>http://app.company.com$1</nete:forward>
      </nete:default>
   </nete:cond>
</nete:proxyrules>

 

Much appreciate any help.

 

Thanks!

Outcomes