ProxyManagement

Use the Jython or Jacl scripting languages to manage proxy configurations. Use the commands and parameters in the ProxyManagement group to configure proxy servers for Web modules.

The ProxyManagement includes the following commands:

• createWebModuleProxyConfig
• deleteWebModuleProxyConfig
• getServerSecurityLevel
• setServerSecurityLevel

 

createWebModuleProxyConfig

The createWebModuleProxyConfig command creates a proxy server configuration for a Web module.

Target object

Specify the deployment object that represents the application for which the system creates the Web module proxy configuration.

Required parameters

-deployedObjectProxyConfigName

Name of the Web module of interest. (String)

Optional parameters

-enableProxy

Specifies whether the system enables the proxy server. Specify true to enable the proxy server. (Boolean)

-transportProtocol

Protocol that the proxy server uses to communicate with the Web module. The valid values are HTTP, HTTPS, and ClientProtocol. (String)

Examples...

Batch mode example usage:

• Jacl...

  $AdminTask createWebModuleProxyConfig myApplication {-deployedObjectProxyConfigName 
   MyWebModule -enableProxy true -transportProtocol HTTPS}
  

• Use Jython string:

  AdminTask.createWebModuleProxyConfig('myApplication', '[-deployedObjectProxyConfigName 
   MyWebModule -enableProxy true -transportProtocol HTTPS]')
  

• Use Jython list:

  AdminTask.createWebModuleProxyConfig(myApplication, ['-deployedObjectProxyConfigName', 
   'MyWebModule', '-enableProxy', 'true', '-transportProtocol', 'HTTPS'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask createWebModuleProxyConfig {-interactive}
  

• Jython...

  AdminTask.createWebModuleProxyConfig('-interactive')
  

 

deleteWebModuleProxyConfig

The deleteWebModuleProxyConfig command removes the proxy server configuration for a Web module.

Target object

Specify the deployment object that represents the application from which the system deletes the Web module proxy configuration.

Required parameters

-deployedObjectProxyConfigName

Name of the Web module of interest. (String)

Optional parameters None

Sample output...

The command does not return output.

Examples...

Batch mode example usage:

• Jacl...

  $AdminTask deleteWebModuleProxyConfig myApplication {-deployedObjectProxyConfigName 
   MyWebModule}
  

• Use Jython string:

  AdminTask.deleteWebModuleProxyConfig('myApplication', '[-deployedObjectProxyConfigName 
   MyWebModule]')
  

• Use Jython list:

  AdminTask.deleteWebModuleProxyConfig(myApplication, ['-deployedObjectProxyConfigName', 
   'MyWebModule'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask deleteWebModuleProxyConfig {-interactive}
  

• Jython...

  AdminTask.deleteWebModuleProxyConfig('-interactive')
  

 

getServerSecurityLevel

The getServerSecurityLevel command displays the current security level of the secure proxy server.

Target object

Specify the configuration ID of the secure proxy server of interest.

Optional parameters

-proxyDetailsFormat

Format of the details to display about the security level of the proxy server. Specify levels to display details as a security level for each setting. Specify values to display details as the actual setting for each proxy server. (String)

Sample output...

The command returns the security level of the secure proxy server. If specify the optional parameter, the command displays additional information about the security level of the server of interest.

Examples...

Batch mode example usage:

• Jacl...

  $AdminTask getServerSecurityLevel myProxyServer {-proxyDetailsFormat levels}
  

• Use Jython string:

  AdminTask.getServerSecurityLevel('myProxyServer', '[-proxyDetailsFormat 
   levels]')
  

• Use Jython list:

  AdminTask.getServerSecurityLevel(myProxyServer, ['-proxyDetailsFormat', 
   'levels'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask getServerSecurityLevel {-interactive}
  

• Jython...

  AdminTask.getServerSecurityLevel('-interactive')
  

 

setServerSecurityLevel

The setServerSecurityLevel command modifies the server security level for a secure proxy server.

Target object

Specify the configuration ID of the secure proxy server of interest.

Optional parameters

-proxySecurityLevel

Level of security to apply to the proxy server. Valid values include High, Medium, and Low. (String)We can also use this parameter to specify custom security settings by specifying the security setting ID and value, as defined in the following table:

Table 1. Security settings for the secure proxy server

ID	Description	Valid values
administration	Sets the administration security setting.	Specify local to allow local administration. Specify remote to allow remote administration.
routing	Sets the routing security setting. Using static routing specifies routing is performed through a flat configuration file using routing precedence that is inherent to the ordering of the directives. Requests can also be routed dynamically through a best match mechanism that determines the installed application or routing rule that corresponds to a specific request.	Specify static to use static routing, or specify dynamic to use dynamic routing.
startupPermissions	Sets the startup permissions. The overall security level of the secured proxy server can be hardened by reverting the server process to run as an unprivileged user after startup. Although the secured proxy server must be started as a privileged user, changing the server process to run as an unprivileged user provides additional protection for local operating resources.	Specify unprivileged to run the server process as an unprivileged user, or specify privileged to run the server process as a privileged user.
errorPageHandling	Sets the error page handling. We can define a custom error page for each error code or a group of error codes on errors generated by the proxy server or the appserver. This is done using HTTP status codes in responses to generate uniform customized error pages for the application. For security reasons, we can verify the error pages are read from the local file system instead of being forwarded to a custom remote application.	Specify local to read error pages from the local file system, or specify remote to allow the system to read error pages from remote applications.

Sample output...

The command does not return output.

Examples...

Batch mode example usage:

• Jacl...

  $AdminTask setServerSecurityLevel proxyServerID {-proxySecurityLevel 
   administration=local;routing=static;startupPermissions=unprivileged ;errorPageHandling=local}
  

• Use Jython string:

  AdminTask.setServerSecurityLevel('proxyServerID', '[-proxySecurityLevel 
   administration=local;routing=static;startupPermissions=unprivileged ;errorPageHandling=local]'))
  

• Use Jython list:

  AdminTask.setServerSecurityLevel(proxyServerID, ['-proxySecurityLevel', 
   'administration=local;routing=static;startupPermissions=unprivileged ;errorPageHandling=local'])
  

Interactive mode example usage:

• Jacl...

  $AdminTask setServerSecurityLevel {-interactive}
  

• Jython...

  AdminTask.setServerSecurityLevel('-interactive')
  

---

Related concepts

DMZ Secure Proxy Server for IBM WAS administration options
DMZ Secure Proxy Server for IBM WAS routing considerations
DMZ Secure Proxy Server for IBM WAS start up user permissions
Error handling security considerations for the DMZ Secure Proxy Server for IBM WAS

 

Related tasks

Use AdminTask for scripted administration
Set secure routing for a DMZ Secure Proxy Server for IBM WAS

 

Related

ServerManagement
Commands for AdminTask