Configure the AJAX proxy


Overview

By default, the IBM Lotus Connections AJAX proxy is configured to allow cookies, headers or MIME types, and all HTTP actions to be exchanged among the Lotus Connections features. From any non-Lotus Connections service, however, it allows only HTTP GET requests and prevents all cookies or headers from being directed to the features. To change the traffic that is allowed from other services, you must configure it explicitly.

This task is not required. Only perform it if you want to allow an external service to do more than retrieve information from the Lotus Connections features.

Rules about which HTTP requests, headers, and cookies are allowed to be redirected to the Lotus Connections features are defined in...

When a Lotus Connections server is started, it reads information about the features from...

...and, based on the rules defined in proxy-config.tpl, configures the proxy to be used by any Web browsers or other servers that send requests to Lotus Connections. For example, if you want to allow one feature, such as Home page, to proxy a widget, but not allow any of the other features to proxy it, create a feature-specific version of proxy-config.tpl and edit that. See Configuring the AJAX proxy for a specific feature for more details.

The Search feature provides a Search-specific Ajax proxy configuration file called...

It is not created from proxy-config.tpl at runtime. See Configuring the Ajax proxy for Search for more details.


Configure the AJAX proxy

  1. Access the common AJAX proxy configuration template file:

    1. Open a command-line window, start the wsadmin tool, and then use the following commands to check out the proxy configuration file:

    2. Network deployments:

        execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/connectionsConfig.py")
        

    3. Check out the configuration file...

        LCConfigService.checkOutProxyConfig("<temp_directory>", "cell_name")
        

      where <temp_directory> is a temporary directory of your choice, and cell_name is the name of the cell where the Lotus Connections feature that uses the global proxy template file is located.

  2. Edit proxy-config.tpl

  3. To explicitly refuse all traffic from a specific site...

      <proxy:policy url="malicious.site.com" acf="none">
          <proxy:actions/>
          <proxy:headers/>
          <proxy:cookies/>
      </proxy:policy>
      

  4. To allow a particular service on your network to display a custom widget...

      <proxy:policy url="http://my.network.com/widget/*" acf="none">
          <proxy:actions>
              <proxy:method>GET</proxy:method>
          </proxy:actions>
          <proxy:headers>
            <proxy:header>User-Agent</proxy:header>
            <proxy:header>Accept.*</proxy:header>
            <proxy:header>Content.*</proxy:header>
            <proxy:header>Authorization.*</proxy:header>
            <proxy:header>If-.*</proxy:header>
            <proxy:header>Pragma</proxy:header>
            <proxy:header>Cache-Control</proxy:header>
          </proxy:headers>
          <proxy:cookies>
              <proxy:cookie>JSESSIONID</proxy:cookie>
          </proxy:cookies>
      </proxy:policy>
      

  5. If a service requires authentication, you can configure it to also allow basic authentication requests by adding a basic-auth-support="true" attribute to the <proxy:policy> element. For example:

      <proxy:policy url="http://my.network.com/service/*" 
                    acf="none" 
                    basic-auth-support="true">
                    ...
      </proxy:policy>
      

    If this attribute is not added, when an unauthenticated request is sent to a service that requires authentication, the service does not display the basic authentication dialog, but returns an HTTP 403 status code instead.

  6. To allow a particular service to run on your network and to pass cookies for LTPA tokens to the features:

      <proxy:policy url="http://my.network.com/service/*" acf="none">
          <proxy:actions>
              <proxy:method>GET</proxy:method>
          </proxy:actions>
          <proxy:headers>
            <proxy:header>User-Agent</proxy:header>
            <proxy:header>Accept.*</proxy:header>
            <proxy:header>Content.*</proxy:header>
            <proxy:header>Authorization.*</proxy:header>
            <proxy:header>If-.*</proxy:header>
            <proxy:header>Pragma</proxy:header>
            <proxy:header>Cache-Control</proxy:header>
          </proxy:headers>
          <proxy:cookies>
            <proxy:cookie>JSESSIONID</proxy:cookie>
            <proxy:cookie>LtpaToken</proxy:cookie>
            <proxy:cookie>LtpaToken2</proxy:cookie>
          </proxy:cookies>
      </proxy:policy>
      

    Specify the headers using regular expressions.

  7. Add any new policy blocks before the default policy setting in the template file. The default policy setting serves as a catch-all for all other requests and looks like this:

      <proxy:policy url="*" acf="none"> 
          <proxy:actions>
            <proxy:method>GET</proxy:method>
          </proxy:actions>
          <proxy:headers/>
          <proxy:cookies/>
      </proxy:policy>
      

    By default, it allows all services to send GET requests to the Lotus Connections features, and it prevents all cookies or headers from being directed to the features.

  8. Specify values for the following proxy configuration properties:

      circular_redirects: Specifies that circular redirects are allowed. This property accepts a Boolean value of true or false specified in lower-case letters. If set to true, it supports using a proxy for a site that redirects to the same URL but with different parameters. Such a change is not recognized as a new URL. The default value of this property is true.

      connection-timeout: Amount of time before an attempt to connect to a host times out. Specified in milliseconds, the default value of this property is 60,000, which is 1 minute.

      max_circular_redirects: Maximum number of times a circular redirect is allowed before the proxy rejects it. Specified as an integer, the default value of this property is 100.

      maxconnectionsperhost: Maximum number of simultaneous connections between the proxy and a given host. Specified as an integer, the default value of this property is 20.

      maxtotalconnections: Maximum number of simultaneous connections between the proxy and all of the hosts together. Specified as an integer, the default value of this property is 50.

      socket-timeout: Amount of time before an attempt to use a socket times out. Specified in milliseconds, the default value of this property is 60,000, which is 1 minute.

      unsigned_ssl_certificate_support: Specifies that self-signed SSL certificates are supported. This property accepts a Boolean value of true or false specified in lower-case letters. The default value of this property is true. Change it to false when the system is ready for production.

  9. Save and close the file.

  10. Check in proxy-config.tpl during the same session in which you checked it out...

      LCConfigService.checkInProxyConfig("<temp_directory>", "cell_name")

    where <temp_directory> is the temporary directory to which you checked out the configuration files, and cell_name is the name of the cell where the feature that uses the common proxy-config.tpl file is located.

  11. Restart the application server hosting Lotus Connections.
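
A pre-check-in review of the edited policy blocks, as an added example (not part of the original documentation or the product's code): the script flags blocks placed after the catch-all policy from step 7, a catch-all wider than the default shown there, and blocks that forward LTPA cookies or enable basic authentication for an http:// URL, where those credentials cross the network unencrypted. The wrapper element, namespace URI, and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: policy blocks in the page's syntax. The wrapper element
# and namespace URI are placeholders, not taken from the product's file.
SAMPLE = """<proxy:rules xmlns:proxy="urn:example:placeholder">
  <proxy:policy url="*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers/>
    <proxy:cookies/>
  </proxy:policy>
  <proxy:policy url="http://my.network.com/service/*" acf="none" basic-auth-support="true">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:headers><proxy:header>Authorization.*</proxy:header></proxy:headers>
    <proxy:cookies><proxy:cookie>LtpaToken2</proxy:cookie></proxy:cookies>
  </proxy:policy>
</proxy:rules>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def values(policy, name):
    """Text of every <proxy:name> descendant of one policy block."""
    return [(e.text or "").strip() for e in policy.iter() if local(e.tag) == name]

def audit(xml_text):
    """Return (policy url, finding) pairs for a set of proxy policy blocks."""
    findings, seen_default = [], False
    for p in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "policy"):
        url = p.get("url", "")
        if seen_default:
            findings.append((url, "placed after the catch-all policy"))
        if url == "*":
            seen_default = True
            if values(p, "header") or values(p, "cookie") or values(p, "method") != ["GET"]:
                findings.append((url, "catch-all is wider than the default"))
            continue
        cleartext = url.lower().startswith("http://")
        tokens = [c for c in values(p, "cookie") if c.startswith("LtpaToken")]
        if cleartext and tokens:
            findings.append((url, "LTPA cookies forwarded over http: " + ", ".join(tokens)))
        if cleartext and p.get("basic-auth-support") == "true":
            findings.append((url, "basic authentication enabled over http"))
    return findings

if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(url, "->", finding)
```

Run it against the policy blocks in the checked-out copy of proxy-config.tpl in <temp_directory> before step 10; an empty result means none of these conditions were found.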

 

Related tasks

Security
Supporting Lotus Quickr authenticated feeds
Define trusted and nontrusted Web sites for Communities
Define trusted and nontrusted Web sites for the Home page
Define trusted and nontrusted Web sites for Profiles
