Layer7 API Management

  • 1.  Any plans for a more robust and feature-rich Reverse Web Proxy functionality in CA API Gateway?

    Posted Feb 01, 2019 04:28 PM

    When comparing the resulting Web API that is created by the Publish Reverse Web Proxy with the features of the mod_proxy module of Apache, you quickly see that there are several critical features missing.

     

    See this documentation for example: mod_proxy_html - Apache HTTP Server Version 2.4 

     

    For example, the importance of selecting not only which tags to replace text in, but also which attributes within those tags to do so. Exemple, you may not want to change the content section of a "a" tag, but rather only the "href" attribute. Also, being able to select content-types for which you shouldn't not do any transformations, i.e. image/* or other binary data types.

     

    You should also be able to specify the part of the URL to transform in case the backend has a different folder path prefix or vice versa (i.e. the API URL is /my/reverse-proxy/app/ but the root of the site it proxies to is /myapp/. You would need to transform /my/reverse-proxy/app/* into /myapp/* and vice versa.

     

    Basically, the wizard should let you pretty much emulate what you can do with the mod_proxy module of Apache Web Server, with the added benefit of being able to add a layer of security on top.

     

    Are there any plans for something like that in future releases?



  • 2.  Re: Any plans for a more robust and feature-rich Reverse Web Proxy functionality in CA API Gateway?

    Broadcom Employee
    Posted Feb 03, 2019 06:56 PM

    Dear ygirouard_stm ,

    I believe the current reverse proxy policy should be able to meet your needs.

    it uses regex assertion to replace hostname string in the whole request body, no matter tag or attribute.

     

    But the default policy assumes you use the whole gateway as a reverse proxy -- it uses url /* , not something like /my/reverse-proxy/app/*

     

    But you can customize the policy to meet your needs. (change the regex expressions)

     

    (For relative paths/link, it could be difficult, sometimes you may have to hard code it, same as using other reverse proxy. it's better if backend uses only absolute path)

     

    Regards,

    Mark



  • 3.  Re: Any plans for a more robust and feature-rich Reverse Web Proxy functionality in CA API Gateway?

    Posted Feb 04, 2019 04:08 PM

    Hi Mark,

     

     

    I believe the current reverse proxy policy should be able to meet your needs.

    it uses regex assertion to replace hostname string in the whole request body, no matter tag or attribute.

     

     

    This is actually a problem. It shouldn't search the entire body. Only certain tag attributes contain URls or domains that are supposed to be replaced by the reverse proxy. You also should avoid to search-replace body content of responses that are not text-based content-types (for example, a PHP page that returns an image). That's why the mod_proxy module of Apache Web Server offers this level of control.

     

    Thanks



  • 4.  Re: Any plans for a more robust and feature-rich Reverse Web Proxy functionality in CA API Gateway?

    Broadcom Employee
    Posted Feb 04, 2019 06:03 PM

    I agree it may not be easy, but it should not be a problem if you find the correct regular expression.