Reference13r1:Services/Reverse-Proxy
Jump to navigation
Jump to search
There are also other versions of this article available:
Reference12r1 | Reference13r1 (this version) | Reference13r2
See Reference13r1:Concept_Reverse_Proxy for General information
General Parameters
- H.323/TCP, H.323/TLS
- Ports for incoming H.323 TCP or TLS Connections. Use 1720 and 1300 for the standard ports.
- SIP/TCP, SIP/TLS
- Ports for incoming SIP TCP or TLS Connections. Use 5060 and 5061 for the standard ports.
- LDAP, LDAPs
- Ports for incoming LDAP TCP or TLS Connections. Use 389 and 636 for the Standard ports.
- HTTP, HTTPS
- Ports for incoming HTTP TCP or TLS Connections. Use 80 and 443 for the Standard ports.
- Log Forwarded Requests
- activate protocol dependent logging for successfully forwarded / accepted requests
- Log Rejected Requests
- activate protocol dependent logging for rejected / non-accepted requests
- Blacklist Expiration
- Time in minutes after which an entry put in the blacklist automatically, will be removed from the blacklist.
- Suspicious Requests/min
- Threshold to put an address into the blacklist
- Public NAT router address
- Required for SIP if RP is behind NAT. External SIP clients will receive this value in Route header of SIP messages. You can configure DNS name or IP address and port here.
If not configured, RP writes it's own local IP address and port into Route header of SIP messages. This works only if RP has a public local IP address.
Hosts
List of configured hosts. Click on the host Name to edit or delete. Use new to add new host
- Out
- Destination IP for this rule following by the plain text port
- TLS
- Port for encrypted traffic
- Check Certificate
- If the Check Certificate checkmark is set, for the internal connection TLS is used only if the received certificate matches the user name within the protocol. This way a host receiving a request through the Reverse Proxy using TLS can assume that the connection was authenticated using a valid certificate, which matches the user.
- App Login
- Experimental feature to allow access only if a myApps session has been previously authenticated.
- Default
- This rule will be used if only the Domain without a path or file in the URI was requested. The empty path is then replaced by the specified URL when the request is forwarded (e.g. an entry http://<host>/web/index.htm with the Default check-mark ticked will match only requests with no path and the request is forwarded with the path set to /web/index.htm')'.
- Network
- adddr:network to restrict a configured protocol to certain networks
Counter
Current top ten address with suspicious requests
Addresses
Blacklist/Whitelist addresses