IBM Security Verify

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Hello,

There isn't really any special configuration you need to do.  If the incoming Host header matches the Virtual Host specified for the Virtual Host Junction then the request will be forwarded to that junction server.

If you are hitting WebSEAL on port other than default (443 for HTTPS) then this would need to be included in the Virtual Host <vh>:<port>

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Mon January 27, 2020 09:11 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Thanks Jon. I am also wondering the same it a simple virtualhost configuration but not directing to the application server. Question arises to me when it provides login page and after authentication it shows default webseal page, wondering why it is not picking up the virtual host junction though website name is https://abc.com and virtual host also i referred as abc.com so it can match with hostheaders of the request. Application server and ISAM all in internal network, Do i have to create a static route and enable match-vhj-first options? or any other options.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Original Message:
Sent: Mon January 27, 2020 09:28 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hello,

There isn't really any special configuration you need to do.  If the incoming Host header matches the Virtual Host specified for the Virtual Host Junction then the request will be forwarded to that junction server.

If you are hitting WebSEAL on port other than default (443 for HTTPS) then this would need to be included in the Virtual Host <vh>:<port>

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 09:11 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Hi Vasanthakumar,

Is the junction type SSL? If your virtual host junction is for HTTPS then this should be an SSL junction.

Static route should not be required.  match-vhj-first should not matter when you're requesting the root object of the junction /.

Final thought.  If Virtual Host Junction is https://abc.com, make sure that you see this URL in the browser at all stages.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Mon January 27, 2020 10:23 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Thanks Jon. I am also wondering the same it a simple virtualhost configuration but not directing to the application server. Question arises to me when it provides login page and after authentication it shows default webseal page, wondering why it is not picking up the virtual host junction though website name is https://abc.com and virtual host also i referred as abc.com so it can match with hostheaders of the request. Application server and ISAM all in internal network, Do i have to create a static route and enable match-vhj-first options? or any other options.

------------------------------
Vasanthakumar Chandrasekaran

Original Message:
Sent: Mon January 27, 2020 09:28 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hello,

There isn't really any special configuration you need to do.  If the incoming Host header matches the Virtual Host specified for the Virtual Host Junction then the request will be forwarded to that junction server.

If you are hitting WebSEAL on port other than default (443 for HTTPS) then this would need to be included in the Virtual Host <vh>:<port>

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 09:11 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Hey Jon, I requested via http, http://abc.com i can see it picks up the virtualhost junction but occurs some server error 500 internal server error. I think it is reaching backend server now.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Original Message:
Sent: Mon January 27, 2020 11:11 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hi Vasanthakumar,

Is the junction type SSL? If your virtual host junction is for HTTPS then this should be an SSL junction.

Static route should not be required.  match-vhj-first should not matter when you're requesting the root object of the junction /.

Final thought.  If Virtual Host Junction is https://abc.com, make sure that you see this URL in the browser at all stages.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 10:23 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Thanks Jon. I am also wondering the same it a simple virtualhost configuration but not directing to the application server. Question arises to me when it provides login page and after authentication it shows default webseal page, wondering why it is not picking up the virtual host junction though website name is https://abc.com and virtual host also i referred as abc.com so it can match with hostheaders of the request. Application server and ISAM all in internal network, Do i have to create a static route and enable match-vhj-first options? or any other options.

------------------------------
Vasanthakumar Chandrasekaran

Original Message:
Sent: Mon January 27, 2020 09:28 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hello,

There isn't really any special configuration you need to do.  If the incoming Host header matches the Virtual Host specified for the Virtual Host Junction then the request will be forwarded to that junction server.

If you are hitting WebSEAL on port other than default (443 for HTTPS) then this would need to be included in the Virtual Host <vh>:<port>

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 09:11 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

HI

Is the 500 sent by backend or webseal?

did you change the junction to work on http (port 80)?

you need to take a snippet of pdweb.debug and review on how the redirection is happening 

make sure no other junction has same VHJ , <vhj:port> combination


https://www.ibm.com/support/pages/enabling-debug-and-snoop-trace-web-gateway-appliance

What is your current setting for : match-vhj-first










------------------------------
Tushar
Tushar
------------------------------

Original Message:
Sent: Mon January 27, 2020 12:44 PM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hey Jon, I requested via http, http://abc.com i can see it picks up the virtualhost junction but occurs some server error 500 internal server error. I think it is reaching backend server now.

------------------------------
Vasanthakumar Chandrasekaran

Original Message:
Sent: Mon January 27, 2020 11:11 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hi Vasanthakumar,

Is the junction type SSL? If your virtual host junction is for HTTPS then this should be an SSL junction.

Static route should not be required.  match-vhj-first should not matter when you're requesting the root object of the junction /.

Final thought.  If Virtual Host Junction is https://abc.com, make sure that you see this URL in the browser at all stages.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 10:23 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Thanks Jon. I am also wondering the same it a simple virtualhost configuration but not directing to the application server. Question arises to me when it provides login page and after authentication it shows default webseal page, wondering why it is not picking up the virtual host junction though website name is https://abc.com and virtual host also i referred as abc.com so it can match with hostheaders of the request. Application server and ISAM all in internal network, Do i have to create a static route and enable match-vhj-first options? or any other options.

------------------------------
Vasanthakumar Chandrasekaran

Original Message:
Sent: Mon January 27, 2020 09:28 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hello,

There isn't really any special configuration you need to do.  If the incoming Host header matches the Virtual Host specified for the Virtual Host Junction then the request will be forwarded to that junction server.

If you are hitting WebSEAL on port other than default (443 for HTTPS) then this would need to be included in the Virtual Host <vh>:<port>

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 09:11 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Hey Tushar,
Yes, with http url it works for me now.
RP http is disabled, Virtual host has been created for application where backend application server communicates with 80 port only. Intially i thought only junction communication is 80, so till webseal we will use 443 after authentication let it use 80 for backend. I was wrong, when i have enabled http of webseal server and accessed with http url of the application it worked. Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------

Original Message:
Sent: Wed January 29, 2020 12:19 AM
From: Tushar Prasad
Subject: Virtual Host Junction not picking up in Webseal

HI

Is the 500 sent by backend or webseal?

did you change the junction to work on http (port 80)?

you need to take a snippet of pdweb.debug and review on how the redirection is happening 

make sure no other junction has same VHJ , <vhj:port> combination


https://www.ibm.com/support/pages/enabling-debug-and-snoop-trace-web-gateway-appliance

What is your current setting for : match-vhj-first










------------------------------
Tushar
Tushar

Original Message:
Sent: Mon January 27, 2020 12:44 PM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hey Jon, I requested via http, http://abc.com i can see it picks up the virtualhost junction but occurs some server error 500 internal server error. I think it is reaching backend server now.

------------------------------
Vasanthakumar Chandrasekaran

Original Message:
Sent: Mon January 27, 2020 11:11 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hi Vasanthakumar,

Is the junction type SSL? If your virtual host junction is for HTTPS then this should be an SSL junction.

Static route should not be required.  match-vhj-first should not matter when you're requesting the root object of the junction /.

Final thought.  If Virtual Host Junction is https://abc.com, make sure that you see this URL in the browser at all stages.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 10:23 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Thanks Jon. I am also wondering the same it a simple virtualhost configuration but not directing to the application server. Question arises to me when it provides login page and after authentication it shows default webseal page, wondering why it is not picking up the virtual host junction though website name is https://abc.com and virtual host also i referred as abc.com so it can match with hostheaders of the request. Application server and ISAM all in internal network, Do i have to create a static route and enable match-vhj-first options? or any other options.

------------------------------
Vasanthakumar Chandrasekaran

Original Message:
Sent: Mon January 27, 2020 09:28 AM
From: Jon Harry
Subject: Virtual Host Junction not picking up in Webseal

Hello,

There isn't really any special configuration you need to do.  If the incoming Host header matches the Virtual Host specified for the Virtual Host Junction then the request will be forwarded to that junction server.

If you are hitting WebSEAL on port other than default (443 for HTTPS) then this would need to be included in the Virtual Host <vh>:<port>

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Mon January 27, 2020 09:11 AM
From: Vasanthakumar Chandrasekaran
Subject: Virtual Host Junction not picking up in Webseal

Hi All,
I have website url is pointing to the reverse proxy, I have created a virtual host junction for this website. But when you hit the url it gives Reverseproxy login page after authentication it is showing reverse proxy default page. How do i make sure it picking up the virtual host junction and reaching the respective application server.
Thanks.

------------------------------
Vasanthakumar Chandrasekaran
------------------------------