(v12.0.9036.21357 started 2024-10-09 03:18:43 on VM2)
Keyword PRX ... Forward and reverse Proxy Support:
Forward Proxy (see schema):
- The field DestinationIP in the routing table contains a list of groups with allowed nodes (proxy filters), e.g.
-- www.aon.at!80,*.xyz.com,10.0.1.10/24
- CONNECT phrase (for https tunneling) and http requests are implemented.
- Can be used by remote Application Gateways using the keyword CONNECT to implement source level routing.
- For man-in-the-middle support see keyword MIM.
Reverse Proxy (see schema):
- The names of the groups listed in the field DestinationIP in the routing table must start with "X_".
- The http requests of the clients must contain the http header "Host: host".
- host is mapped to the destination node using the specified groups.
- The groups consist of a list of entries separated by ","
- Each entry consists of "host>destination" to map the requested host to the destination, e.g.
-- www.xyz.com>abc.xyz.com,store.xyz.com>10.10.1.1,195.1.1.1>10.1.1.1
- If non-standard ports (not http port 80 and not https port 443) are used, the ports must be specified, e.g.
-- www.xyz.com:88>abc.xyz.com:90
- As some browsers transmit the port number also for standard ports, specify both formats or use wildcards, e.g.
-- www.xyz.com>abc.xyz.com:90,www.xyz.com:80>abc.xyz.com:90
-- www.xyz.com*>abc.xyz.com:90
- Wildcards may be used, e.g.
-- a*.xyz.com>10.1.1.1:90,*>10.1.1.1:91
- Additionally local rules where SourceIP is "incoming" can be addressed, use "host>local:RuleID", e.g.
-- "abc.xyz.com>local:R1"
- This works also with SSL/TLS: In this case the server certificate must contain all DNS names (e.g. a wildcard certificate).
- The Reverse Proxy feature can be combined with OTP/TOTP.
Remark: All group table entries must be lowercase!
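A way to review a reverse proxy group before it goes into the routing table, as an added example (not code from the product). It models the "host>destination" mapping described above and assumes that "*" matches any run of characters, that the Host value is lowercased, and that the first matching entry wins; the names GROUP, parse_group, matches, map_host and lint are hypothetical.

```python
import re

# Constructed sample group in the "host>destination" format (not from a real config).
GROUP = "www.xyz.com>abc.xyz.com:90,a*.xyz.com>10.1.1.1:90,shop.xyz.com*>local:R1"

def parse_group(group):
    """Split a group string into (host_pattern, destination) pairs."""
    entries = []
    for raw in group.split(","):
        pattern, sep, dest = raw.strip().partition(">")
        if not (sep and pattern and dest):
            raise ValueError(f"malformed entry: {raw!r}")
        # Host side only: the page's own "local:R1" example has an uppercase rule ID.
        if pattern != pattern.lower():
            raise ValueError(f"host pattern must be lowercase: {raw!r}")
        entries.append((pattern, dest))
    return entries

def matches(pattern, host):
    """Assumed semantics: '*' matches any run of characters, nothing else is special."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, host) is not None

def map_host(entries, host_header):
    """Assumed semantics: header is lowercased, first matching entry wins."""
    host = host_header.strip().lower()
    for pattern, dest in entries:
        if matches(pattern, host):
            return dest
    return None  # unmapped: no entry in the group covers this Host value

def lint(entries):
    """Return review findings for a parsed group."""
    findings = []
    for pattern, dest in entries:
        if pattern == "*":
            findings.append(f"catch-all: any Host value reaches {dest}")
        elif pattern.endswith("*"):
            findings.append(f"{pattern}: trailing wildcard also matches longer host names")
        elif "*" not in pattern and ":" not in pattern:
            for port in ("80", "443"):  # browsers may send the standard port
                if map_host(entries, f"{pattern}:{port}") != dest:
                    findings.append(f"{pattern}:{port} does not map to {dest}")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_group(GROUP)):
        print(finding)
```

The Host header is chosen by the client, so every finding is a question of which Host values should be able to reach which destination.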
Keyword for reverse proxy (optional): RDRX:filename[|fill] ... sends the file (must be HTML coded) if the reverse proxy destination could not be mapped; the string %Error% will be replaced by an error message. The optional fill string will be inserted into the echoed data. If filename is not specified, the default template will be used.