Scenario 1: Remote virtual host junctions
Understand the configuration steps required to set up junction support for two remote virtual hosts on a single server.
The following scenario sets up junction support for two remote virtual hosts on a single back-end server. Refer to the accompanying diagram as you proceed through the steps.
Required architecture:
- By default, the WebSEAL configuration file is set to support all IP addresses:
[server]
network-interface = 0.0.0.0
For this virtual host scenario, WebSEAL (webseal.ibm.com) is configured to use a specific network address:
[server]
network-interface = 9.0.0.3
- WebSEAL servers that are protecting two virtual hosts on one back-end junctioned server:
- Virtual host a.b.com (on server cruz1.ibm.com)
- Virtual host x.y.com (on server cruz1.ibm.com)
- Direct access to the protected junctioned server (cruz1.ibm.com) is prevented by appropriate firewall protection. The user is not aware of this blocked access. The external DNS used by the browser to look up the virtual host names is configured to point to WebSEAL at IP address 9.0.0.3.
External DNS
a.b.com    9.0.0.3
x.y.com    9.0.0.3
- Virtual host a.b.com accepts HTTP access only.
- Virtual host x.y.com accepts secure HTTPS access.
Procedure:
- The following pdadmin command creates a virtual host junction named (labeled) vhost-ab-http that responds to the Host: a.b.com header in TCP (HTTP) requests to WebSEAL:
pdadmin> server task default-webseald-webseal.ibm.com virtualhost create -t tcp -h cruz1.ibm.com -v a.b.com vhost-ab-http
- The following command creates a virtual host junction named (labeled) vhost-xy-https that responds to the Host: x.y.com header in SSL (HTTPS) requests to WebSEAL:
pdadmin> server task default-webseald-webseal.ibm.com virtualhost create -t ssl -h cruz1.ibm.com -v x.y.com vhost-xy-https
- The client user clicks the following (example) link on an HTML page:
http://a.b.com/doc/readme.txt
The (example) request for this resource appears as follows:
GET /doc/readme.txt HTTP/1.1
Host: a.b.com
User-Agent: Mozilla 4.0 (X; I; Linux-2.0.35i586)
Accept: image/gif, image/jpeg, */*
DNS determines that communication to the requested server (a.b.com) is routed to the WebSEAL host (9.0.0.3).
WebSEAL detects the Host header and routes the request across the junction for virtual host a.b.com, on the back-end server cruz1.ibm.com.
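The routing decision described above, as an added Python sketch that is not IBM's code or WebSEAL's implementation: it builds a (transport, virtual host) table from the two pdadmin commands in this procedure and looks up the Host header of the example request. The function names, the port stripping, and the refusal to match a missing or duplicated Host header are assumptions of this model.

```python
import shlex

# The two pdadmin commands from the procedure, minus the prompt.
COMMANDS = [
    "server task default-webseald-webseal.ibm.com virtualhost create "
    "-t tcp -h cruz1.ibm.com -v a.b.com vhost-ab-http",
    "server task default-webseald-webseal.ibm.com virtualhost create "
    "-t ssl -h cruz1.ibm.com -v x.y.com vhost-xy-https",
]

# The example request from the page, as raw bytes on the wire.
REQUEST = (b"GET /doc/readme.txt HTTP/1.1\r\nHost: a.b.com\r\n"
           b"User-Agent: Mozilla 4.0 (X; I; Linux-2.0.35i586)\r\n"
           b"Accept: image/gif, image/jpeg, */*\r\n\r\n")


def build_table(commands):
    """Map (transport, virtual host) -> (junction label, back-end server)."""
    table = {}
    for cmd in commands:
        args = shlex.split(cmd)
        opts = args[args.index("create") + 1:]
        flags = dict(zip(opts[0:-1:2], opts[1:-1:2]))  # the -t / -h / -v pairs
        table[(flags["-t"], flags["-v"].lower())] = (opts[-1], flags["-h"])
    return table


def host_header(raw):
    """Return the single Host value (lowercased, port stripped) or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip() for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:  # model assumption: missing or duplicated Host never matches
        return None
    return hosts[0].rsplit(":", 1)[0].lower() if ":" in hosts[0] else hosts[0].lower()


def route(table, transport, raw):
    """transport is "tcp" (HTTP listener) or "ssl" (HTTPS listener)."""
    return table.get((transport, host_header(raw)))


TABLE = build_table(COMMANDS)
if __name__ == "__main__":
    print(route(TABLE, "tcp", REQUEST))  # the page's example request over HTTP
    print(route(TABLE, "ssl", REQUEST))  # same Host header arriving over HTTPS
```

In this model the a.b.com request matches vhost-ab-http only on the TCP listener; the same Host header over SSL matches no virtual host junction, which reflects the "HTTP access only" requirement in the architecture list.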