Home

 

Restricting proxy access

If your organization has an Internet proxy installed to restrict access to external Web sites, you can configure a proxy to query users for authentication and then allow them access to external feeds.


Many organizations have Internet proxies installed to restrict access from the intranet to external Web sites. Although this does not affect the general functionality of Lotus Connections, features that rely on client-side feed consumption – such as the Feeds page in Communities – are affected by this restriction. This means that users cannot view feeds without authenticating, which may or may not be configured for certain feed sites. You can add a rewrite rule in the Web server to circumvent the proxy provided internally with Communities, and instead use the Internet proxy that is part of your own deployment topology.

To configure a proxy for use with Communities...

  1. Using a text editor, open the httpd.conf file from one of the following directories:

    • AIX

      /usr/IBM/HTTPServer/conf

    • Linux

      /opt/IBM/HTTPServer/conf

    • Microsoft Windows

      C:\IBM\HTTPServer\conf

  2. Add the following rewrite rule to the file to support http (and https, if required) in the corresponding location:

      RewriteRule ^/communities/ajaxProxy/http/(.*)$ http://$1 [L,R] RewriteRule ^/communities/ajaxProxy/https/(.*)$ https://$1 [L,R]
      

    For example:

      LoadModule  acme_ssl_module   modules/mod_acme_ssl.so
      <IfModule mod_acme_ssl.c> Listen 0.0.0.0:443
      <VirtualHost  *:443> ServerName  soln2.servername.acme.com
      #DocumentRoot C:\IBM\HTTPServer\htdocs
      SSLEnable
      <IfModule mod_rewrite.c>
      	RewriteEngine on
      	RewriteMap unescape-chars int:unescape	
      	RewriteRule ^/communities/ajaxProxy/https/(.*)$ https://$1 [L,R] 
      </IfModule>
      </VirtualHost>
      </IfModule>
      SSLDisable
      <IfModule mod_rewrite.c>
      	RewriteEngine on
      	RewriteMap unescape-chars int:unescape
      	RewriteRule ^/communities/ajaxProxy/http/(.*)$ http://$1 [L,R] 
      </IfModule>
      

  3. Save and close the file.

  4. Restart the IBM HTTP Server.

If the corporate proxy requires authentication, the browser might display a pop-up window asking for basic authentication. In addition, after authenticating, Microsoft Internet Explorer might display cross-site scripting warnings.


Securing proxy access


+

Search Tips   |   Advanced Search