Inwards Forwarding for HTTP Requests
In order to send data to a profile via HTTP/HTTPS, a dedicated URL needs to be used. The schematic structure of the URL is:
|
http(s)://<URL_or_IP_server_and_port>/<URL context>/<URL suffix> |
Incoming HTTP requests are handled by the Integration Server on the DMZ server. By default, the DMZ server reacts to HTTP requests whose URL path begins with the URL context /forward. This default can be overridden in file ./etc/startup_dmz.xml using the parameters servletContext and servletPath (see table in section Parameters).
In the following, we assume that the standard is used, so servletContext and servletPath are not defined. In this case, servletContext=/forward and servletPath=/* are used.
In addition to the context /forward, configuration in ./etc/startup_dmz.xml can also be used to allow further HTTP paths to be forwarded inwards.
|
URL Context |
Condition 1 |
Condition 2 |
Recommended Forwarding Rule in ./etc/forward.properties |
|
/dw/Request |
addStandardServlet=true |
|
/dw/Request/*=http://<inner>/dw/Request |
|
/dw/trigger |
addStandardServlet=true |
|
/dw/trigger/*=http://<inner>/dw/trigger |
|
/dw/request |
addStandardServlet=true |
|
/dw/request/*=http://<inner>/dw/Request |
|
/dw/Trigger |
addStandardServlet=true |
|
/dw/Trigger/*=http://<inner>/dw/trigger |
|
/partner |
addStandardServlet=true |
handleAS2=false |
/partner/AS2Retrieve/*=http://<inner>/partner/AS2Retrieve |
|
/forward |
<always> |
|
|
In the table, <inner> is the IP address or the DNS name of the inner Lobster_data, and possibly the port number. If the HTTPS connector is active on this system, forwarding can also take place via HTTPS. Since the connection from the DMZ server to the internal Lobster_data takes place in a protected network part, however, a further encryption via HTTPS is normally not necessary.
If the DMZ server has multiple connectors (port 80, 443, and so on) within ./etc/hub.xml, all requests that arrive via one of the connectors and correspond to a forward rule are routed according to the rule. On the target system <inner>, it is no longer possible to distinguish whether the original request used the HTTP or HTTPS protocol.
These paths (table) can be used additionally and independently of the path /forward if the specified conditions in the configuration (./etc/startup_dmz.xml) are fulfilled. The path /partner/* is not taken over from the HttpForwardServlet for /partner/*, but from the AS2Service on the DMZ server. See also section AS2 on DMZ Server.
The forwarding does not take effect until a corresponding forwarding rule exists for the path or a subpath. In the forwarding rule, it is not necessary to forward the entire context, you can also specify individual subpaths. This way, you can control whether all profiles with HTTP Input Agents can receive data via HTTP upload via the DMZ server, or only individually selected profiles. A forwarding rule whose left part does not match one of the specified paths is not effective. In the following, the forwarding rules are explained in more detail using the context /forward.
Forwarding Rules (file ./etc/forward.properties)
Now you have to define if and where the incoming HTTP requests are forwarded to. For example, requests for a Lobster_data profile are forwarded to the inner server. This is defined in the file ./etc/forward.properties.
Each line of this file represents an independent rule. The left side (source context), to the left of the equals sign, must be unique. A rule only works if there is an active HttpForwardServlet for the source context (see table above).
.../forward/*=http://www.google.de/forward/images/*=http://www.google.de/images/forward/intl/de_de/images/*=http://www.google.de/intl/de_de/images/forward/E/*=http://www.lobster.de...#Forward to inner Lobster_ data/forward/example/*=http://192.168.213.80/dw/Request/urlsuffix/example...Note: Changes to the file ./etc/forward.properties are recognised during runtime and are reevaluated. A restart is not necessary. For diagnostic purposes, the HTTP request log and the server log can be evaluated under ./logs. Caution: The times in the request log are in the time zone UTC, the times in the server log are in the system time zone.
The following table shows examples where incoming HTTP requests are forwarded to using the demonstrated configuration.
|
Incoming HTTP Request |
Forwarded HTTP Request |
|
http://www.xyz.com/forward/example |
http://www.google.de/example |
|
http://www.xyz.com/forward/images/example.jpg |
http://www.google.de/images/example.jpg |
|
http://www.xyz.com/forward/intl/de_de/images/example.jpg |
http://www.google.de/intl/de_de/images/example.jpg |
|
http://www.xyz.com/forward/E/index.html |
http://www.lobster.de/index.html |
|
http://www.xyz.com/forward/example/file.txt |
http://192.168.213.80/dw/Request/urlsuffix/example/file.txt |
|
http://www.xyz.com/noforward/ |
No forwarding. |
Note: In order to use URL paths with Lobster_data standard contexts
to trigger a profile (default context /dw/trigger/)
for an HTTP request (default context /dw/Request/)
for an AS2 reception (default context /partner/AS2Retrieve/)
, you can set up the CommunicationForwardManager using the entry addStandardServlets in file ./etc/startup_dmz.xml (see section Parameters for Class 'CommunicationForwardManager'). See the following listing .
<Call name="addApplication"> <Arg> <New class="com.ebd.hub.datawizard.app.CommunicationForwardManager">... <!-- Add /dw/Trigger, /dw/Request (also in lowercase) and /partner servlets on demand --> <Call name="addStandardServlets"><Arg type="boolean">True</Arg></Call>... </New> </Arg></Call>For internal forwarding, the file ./etc/forward.properties could then contain the following, for example.
/dw/Request/*=http://<inner_server_and_port>/dw/RequestNote: It is possible to tunnel HTTP(S) requests via the MessageService. To do so, insert the following option into configuration file ./etc/startup_dmz.xml on the DMZ server . The configuration file ./etc/forward.properties must also be adjusted (as described above) in this case.
<Set name="tunnelHttp">true</Set>Note: The HttpForwardServlet is also used in HTTP or HTTPS Response Routes of a profile to send via DMZ. This is independent of the configuration described here.