Topic
8 replies Latest Post - ‏2013-07-01T13:04:19Z by isc-hoa
maxbenDA
maxbenDA
10 Posts
ACCEPTED ANSWER

Pinned topic DataPower and proxy policy

‏2013-05-03T15:34:07Z |

Hi,

I'm trying to connect XML Firewal to a dynamic backend through a Squid Proxy.

I created a new xml manager & user agent to use the proxy policy but it doesn't work :

 

show useragent DFJ.USER.AGENT :

Active User-Agent policies:

identifier ""

max-redirects 8

timeout 300

proxy

url matching expression tai.dev.usa   ( i tried *, .*, (.*), ...)

Remote Address 103.207.1.1

Remote Port 50000

 

in the transaction log : xmlmgr (DFJ.XML.MANAGER) DNS callback cannot resolve host tai.dev.usa : returning error

and i've got no traces in squid log or packet capture.

But it works from curl :

curl --proxy 193.207.1.1:50000 http://tai.dev.usa:9080/foo/bar

 

Ideas ?

 

Thanks for your help

Max

  • isc-hoa
    isc-hoa
    10 Posts
    ACCEPTED ANSWER

    Re: DataPower and proxy policy

    ‏2013-06-27T08:01:38Z  in response to maxbenDA

    Hi all

    I'm facing the same problem:

    My XML Firewall config has an XML-Manager witch contains an User Agent defing a Proxy Policy.

    I tried several URL Matching Expressions (exact URL, * , .* .*) but non of these patterns worked.

    Is it possible to use an outgoing http proxy with a XML-Firewall?

    Thanks for your help!

    Regards

    André

  • HermannSW
    HermannSW
    3144 Posts
    ACCEPTED ANSWER

    Re: DataPower and proxy policy

    ‏2013-06-27T09:43:57Z  in response to maxbenDA

    >  in the transaction log : xmlmgr (DFJ.XML.MANAGER) DNS callback cannot resolve host tai.dev.usa : returning error
    >

    this sounds like "Network->Interface->DNS Settings" in default domain, and there "DNS Servers" tab has not been setup correctly.

    Correct setup can be easily verified by "Control Panel->Troubleshooting->Ping Remote".


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>

    • isc-hoa
      isc-hoa
      10 Posts
      ACCEPTED ANSWER

      Re: DataPower and proxy policy

      ‏2013-06-27T11:06:46Z  in response to HermannSW

      Hi Hermann

      This is not a DNS-Problem: In my case, the name of the backend-server can be resolved, but datapower can not connect directly to the backend, because datapower is in an intranet-zone while the backend is in an external network. That's why I have to  to use our corporate-proxy for outgoing traffic.

      I setup a "proxy policy" as descriped above, but my request does not consider this proxy policy. I set up a network-sniffer but can not see a HTTP CONNECT

      BTW: If I'm setting the URL Matching Pattern to "*", The probe is no longer working, and on the proxy I can see connections for "http://127.0.0.1" from datapower. Looks like the internal probe mechanism is considering the proxy policy and therefore tries to connect even to localhost via this proxy.

      Is there an other way to force a outgoing business call to use a proxy-server?

      Thanks for your help!

      Regards

      André

      • maxbenDA
        maxbenDA
        10 Posts
        ACCEPTED ANSWER

        Re: DataPower and proxy policy

        ‏2013-07-01T12:31:10Z  in response to isc-hoa

        Hi André,

        the proxy policy seems works only for the web application firewall service. doesn't work with XMLFW and MPGW.

        I hope that will help you.

        Regards.

        Max

         

         

        • isc-hoa
          isc-hoa
          10 Posts
          ACCEPTED ANSWER

          Re: DataPower and proxy policy

          ‏2013-07-01T12:50:59Z  in response to maxbenDA

          Hi Max

          Did you find another way than "Proxy Policy" to use a proxy with XMLFW or MPGW?

          I just opened a PMR. I will post the answer as soon as I get one.

          Regards

          André

           

           

          • maxbenDA
            maxbenDA
            10 Posts
            ACCEPTED ANSWER

            Re: DataPower and proxy policy

            ‏2013-07-01T12:57:24Z  in response to isc-hoa

            no other solutions for the moment, I planned to open PMR, but i will wait yours ;)

            • isc-hoa
              isc-hoa
              10 Posts
              ACCEPTED ANSWER

              Re: DataPower and proxy policy

              ‏2013-07-01T13:04:19Z  in response to maxbenDA

              Answer from IBM:

              The TechNote "How to configure a service to connect to the backend via a proxy server?" at http://www-01.ibm.com/support/docview.wss?uid=swg21596968 states in its last line:"In case you are using an XML Firewall service, the proxy server setup is made at the service level, via its HTTP Options tab instead of the user agent object."

              The HTTP Options tab can be accessed in the WebGUI via "Control Panel -> Objects -> Service Configuration -> XML Firewall Service -> <Name of XML Firewall> -> HTTP Options".

              Under the HTTP Options Tab, there are two input fields for "Proxy Host" and "Proxy Port"."

               

               

              Updated on 2013-07-02T09:22:38Z at 2013-07-02T09:22:38Z by isc-hoa
    • maxbenDA
      maxbenDA
      10 Posts
      ACCEPTED ANSWER

      Re: DataPower and proxy policy

      ‏2013-07-01T12:37:18Z  in response to HermannSW

      I'm trying to use the proxy as an intermediary. My datapower is not in the same subnet and can't ping the remote server.