[fi-rg] Web Services Firewall Issues
Leon Gommans
lgommans at science.uva.nl
Wed Feb 8 10:48:13 CST 2006
Hallo Frank,
Gian Luca and I are going through your usecase contribution and trying
to understand the issues
with mapping a internal to external EPR's using a SOAP proxy firewall.
Assuming HTTP is the protocol carrying SOAP messages:
Refering to our latest version of the document which was put on the list
is it correct that the firewall in fig 6. does not allow any HTTP
traffic to go thru,
ie. port 80 is blocked.
Assuming the RFC2616 construction of a HTTP URI:
http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
A SOAP proxy will receive a request for resource addressed by abs_path
on its external address
defined by host[":"port], which it must subsequently forward (preferably
unaltered, but after doing its policy
checks) to an internal Application Server. It must then know to which
internal hosts the request addressed to abs_path
must be forwarded to. Also the internal host address can not be the same
as the external addres (or is there some DNS trick you can play?)
Is this essentially the problem you are describing ?
How are existing SOAP proxy's configured to do such mapping? Is this
something you statically configure ?
Is this something we want to make more dynamic ?
Thanks .. kind regards .. Leon.
More information about the fi-rg
mailing list