How to Configure an Apache Reverse Proxy Server

You can configure an Apache web server to function as a reverse proxy server with any CA Single Sign-On agent. The following process lists the steps for configuring an Apache reverse proxy server:
Update the Apache Web Server Configuration File
Update the configuration file of the Apache web server to make it function as a reverse proxy server with a CA Single Sign-On agent.
Follow these steps:
  1. Open the httpd.conf file available at the following location:
    /etc/httpd/conf/httpd.conf
  2. Add the following directives to the httpd.conf file:
    ProxyPass
    Allows mapping of remote servers to the local server. The values in this directive use the format /local_virtual_path partial_URL_of_remote_server. Example:
    ProxyPass /realma/ http://server.example.org/realma/
    ProxyPassReverse
    Allows adjustment of the Location header by the Apache server on HTTP redirect responses. The values in this directive use the following format: /local_virtual_path partial_URL_of_remote_server. Example:
    ProxyPassReverse /realma/ http://server.example.org/realma/
  3. For the Apache web server, add the following ProxyPass settings to the configuration file.
    # SiteMinder Administrative UI
    <Location "/iam/siteminder/">
       <IfModule proxy_module>
          ProxyPass http://hostname:port/iam/siteminder/
          ProxyPassReverse http://hostname:port/iam/siteminder/
       </IfModule>
    # Alternate unavailable page
      ErrorDocument 503 /siteminderagent/adminui/HTTP_SERVICE_UNAVAILABLE.html
    </Location>
    # CA Styles r5.1.1
    <Location "/castylesr5.1.1/">
       <IfModule proxy_module>
          ProxyPass http://hostname:port/castylesr5.1.1/
          ProxyPassReverse http://hostname:port/castylesr5.1.1/
       </IfModule>
    </Location>
    hostname:port refers to the host and port of the application server running the Administrative UI.
  4. Uncomment the following line in the configuration file.
    LoadModule proxy_module modules/mod_proxy.so
  5. Save and close the configuration file.
  6. Restart the Apache web server.
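
A check for steps 2 through 4, added here as an example and not part of the CA Single Sign-On documentation: it confirms that the LoadModule proxy_module line is uncommented (otherwise Apache skips everything inside <IfModule proxy_module> without reporting an error) and reports any ProxyPass mapping that has no matching ProxyPassReverse. The function name, the sample configuration and the apphost:8080 backend are constructed for illustration, and the check assumes a single configuration file with no Include directives.

```python
import re

# Constructed sample: the LoadModule line from step 4 is still commented out and
# one ProxyPass has no ProxyPassReverse. "apphost:8080" is a placeholder backend.
SAMPLE_CONF = """\
#LoadModule proxy_module modules/mod_proxy.so
ProxyPass /realma/ http://server.example.org/realma/
<Location "/iam/siteminder/">
   <IfModule proxy_module>
      ProxyPass http://apphost:8080/iam/siteminder/
      ProxyPassReverse http://apphost:8080/iam/siteminder/
   </IfModule>
</Location>
"""

def check_proxy_conf(text):
    """Return a list of findings for the reverse proxy steps on this page."""
    findings, location, module_loaded = [], None, False
    passes, reverses = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out LoadModule line does not load the module
        m = re.match(r'<Location\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            location = m.group(1)
            continue
        if re.match(r"</Location>", line, re.I):
            location = None
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name == "loadmodule" and args[:1] == ["proxy_module"]:
            module_loaded = True
        elif name in ("proxypass", "proxypassreverse"):
            # Inside <Location> the local path is omitted and taken from the section.
            if location is not None and args:
                mapping = (location, args[0])
            elif location is None and len(args) >= 2:
                mapping = (args[0], args[1])
            else:
                findings.append(f"malformed directive: {line}")
                continue
            (passes if name == "proxypass" else reverses).add(mapping)
    if not module_loaded:
        findings.append("proxy_module is not loaded; <IfModule proxy_module> blocks are skipped")
    for path, url in sorted(passes - reverses):
        findings.append(f"ProxyPass {path} {url} has no matching ProxyPassReverse")
    return findings
```

Pass the contents of /etc/httpd/conf/httpd.conf to check_proxy_conf before the restart in step 6; an empty list means both checks passed.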
Update the Agent Configuration Parameters for an Agent
For Apache-based servers behind the Apache reverse proxy server, update the following agent configuration parameters.
Follow these steps:
  1. Set the ProxyAgent parameter to yes. This parameter specifies if a Web Agent is acting as a reverse proxy agent. The default is No.
    When the value of this parameter is yes, the CA Single Sign-On agent on the front-end server preserves the original URL that the user requested in the SM_PROXYREQUEST HTTP header. This header is created whenever protected and unprotected resources are requested. The back-end server can read this header to obtain information about the original URL.
  2. Set the ProxyTimeout parameter. This parameter specifies the number of seconds the reverse proxy server waits for the agent that is deployed behind it to respond to a request. The default value is 120 seconds.
  3. (Optional) Set the ProxyTrust parameter. This parameter instructs the agent on a destination server to trust authorizations received from a CA SSO agent on a proxy server. A destination server is a server that is behind a reverse proxy server.
    Setting this value to yes increases efficiency because only the agent on the proxy server contacts the Policy Server for authorization. The agent operating on the destination server does not contact the Policy Server again to reauthorize users. The default value is No.
  4. Edit the BadURLChars parameter by removing all occurrences of the percent character (%) from the list:
  5. Set the httpsports parameter to indicate to the Apache server which port is set up for SSL.
  6. Restart the Apache web server.