Chapter 22: HTTP/HTTPS Proxy - Tavve ZoneRanger User Manual

Chapter 22: HTTP/HTTPS Proxy

A Ranger Gateway and one or more joined ZoneRangers can provide an HTTP/HTTPS proxy service, enabling access to web servers located in firewall-partitioned networks, without requiring the firewall to be configured to pass HTTP or HTTPS.

The following figure provides a high-level overview of an HTTP/HTTPS proxy transaction. Note that the Management Application Server in this figure is acting as a web browser, and one or more managed devices may act as web servers.

Figure 22-1. ZoneRanger HTTP/HTTPS

In addition to using HTTP/HTTPS proxy to communicate with managed devices, the HTTP and HTTPS proxy services can also be used to access the ZoneRanger web interface for joined ZoneRangers.

While the ZoneRanger is able to proxy both HTTP and HTTPS protocols, HTTPS will typically be the preferred protocol for most applications, because the HTTP protocol may exchange user ID and password information over an unencrypted TCP connection, and therefore is less secure. As a result, HTTPS proxy is enabled by default and HTTP is disabled by default for managed devices.

Web browsers can access HTTP and HTTPS Proxy services in a variety of ways, as described in the following sections.

GVI/RGVI

When using GVI or RGVI, the web browser sends HTTP or HTTPS requests intended for a managed device to the actual address of the target device, or an address that can be uniquely mapped to the target device. The management application server is configured with static routing rules, so that traffic destined for devices located in firewall-partitioned networks is routed to a virtual interface, which then forwards the traffic to the Ranger Gateway.

When the Ranger Gateway receives the initial TCP connection request for an HTTP or HTTPS session, it checks the Proxy Access Control configuration to verify that the request should be allowed, and to identify the proxy service to which the request should be forwarded. The Ranger Gateway then consults the Proxy Map service to identify a ZoneRanger that is able to relay the request to the target device. The request is forwarded to the selected ZoneRanger, which, in turn, establishes a TCP connection to the target device. Once this TCP connection is established, the ZoneRanger informs the Ranger Gateway, and the Ranger Gateway completes the establishment of the initial TCP connection (i.e. the connection between the web browser and the Ranger Gateway). From this point on, the Ranger Gateway and the selected ZoneRanger relay HTTP or HTTPS data between the web browser's TCP connection to the Ranger Gateway and the ZoneRanger's TCP connection to the target device, until one of the connections is disconnected.
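
The admission sequence described above can be modelled as three ordered checks. The following Python sketch is an added illustration, not Tavve code or ZoneRanger configuration syntax. The rule format, the names `AccessRule`, `ACCESS_RULES`, `PROXY_MAP`, `admit` and `zr-dmz-1`, the addresses, the deny-when-no-rule-matches behaviour and the "relay"/"deny" result strings are all assumptions made for the example.

```python
# Added illustration: a toy model of the admission sequence in this section.
# Rule formats, names and addresses are constructed, not ZoneRanger's own.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRule:      # hypothetical Proxy Access Control entry
    source: str        # client network allowed to use the proxy
    target: str        # managed-device network
    port: int          # destination TCP port
    service: str       # proxy service the request is handed to

# Constructed sample: only an HTTPS rule exists, mirroring the manual's
# defaults (HTTPS proxy enabled, HTTP disabled for managed devices).
ACCESS_RULES = [AccessRule("10.0.0.0/24", "192.168.50.0/24", 443, "https")]
# Hypothetical Proxy Map: which joined ZoneRanger can reach which network.
PROXY_MAP = {"192.168.50.0/24": "zr-dmz-1"}

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def admit(src, dst, port, zr_connect):
    """Return (decision, detail) for one initial TCP connection request.

    zr_connect(zoneranger, dst, port) -> bool stands in for the ZoneRanger
    opening its own TCP connection to the target device.
    """
    # 1. Proxy Access Control: is the request allowed, and for which service?
    rule = next((r for r in ACCESS_RULES
                 if _in(src, r.source) and _in(dst, r.target)
                 and r.port == port), None)
    if rule is None:
        return ("deny", "no access-control rule matches")  # assumed default
    # 2. Proxy Map: pick a ZoneRanger able to relay to the target.
    zr = next((z for net, z in PROXY_MAP.items() if _in(dst, net)), None)
    if zr is None:
        return ("deny", "no ZoneRanger mapped for target")
    # 3. The ZoneRanger connects to the target first; only then does the
    #    gateway complete the browser-side TCP connection.
    if not zr_connect(zr, dst, port):
        return ("deny", f"{zr} could not reach target")
    return ("relay", f"{rule.service} via {zr}")
```

Because step 3 happens before the browser-side connection is completed, a successful connection to the gateway in this model implies that the target device was reachable from the selected ZoneRanger.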
ZoneRanger 5.5 User's Guide