Thursday, May 14, 2009

[THIN] Accessing WI 4.6 on IIS through reverse proxy

I've run into two issues trying to make an internal Web Interface IIS server farm accessible from the Internet via reverse proxy.

The first problem I have is the Web interface (4.6 running on IIS) generates a 401 permanent redirect to its internal hostname when users connect to the base URL of a configured WI site. This fails since the internal hostname is not accessible from the Internet.

The second problem I have is that I get into an infinite loop of redirects if I specify the URL for the full path to the default.htm of the WI site instead of just the base URL when going through the reverse proxy.

Essentially I have a reverse proxy URL https://externalname.company.com/citrix/wi pointed at an internal WI server https://internalname.company.com/wi-csg

If an external user enters https://externalname.company.com/wi then they get a 401 redirect to the internal name of the WI server which fails since the internal name is not directly accessible from the Internet.

If an external user enters https://externalname.company.com/wi/default.htm then they do succeed in getting to the internal WI but something with the auto client detect appears to be putting the user into an infinite loop of auto redirects between the login process and client detection process. You never actually get to the WI login page. - For this I'm questioning if it is because I'm rewriting the path name from /citrix/wi externally to /wi-csg internally.

Has anyone experienced or resolved either of these situations?


Thanks,
Jim


-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect@principal.com and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.

While this communication may be used to promote or market a transaction
or an idea that is discussed in the publication, it is intended to provide
general information about the subject matter covered and is provided with
the understanding that The Principal is not rendering legal, accounting,
or tax advice. It is not a marketed opinion and may not be used to avoid
penalties under the Internal Revenue Code. You should consult with
appropriate counsel or other advisors on all matters pertaining to legal,
tax, or accounting obligations and requirements.

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

No comments: