Applies To:Show Versions
- 16.0.0, 15.1.0
Configuring Rewrite Profiles for Portal Access
About rewrite profiles for Portal Access
Portal access rewrite profile Portal Access settings
Client Cache setting
Caches nothing. This provides the slowest client performance and is the most secure.
Uses the unmodified cache headers from the backend server.
About split tunneling with rewrite profiles
- Access Policy Manager matches the URI to the expressions specified on theBypasslist first. If an expression matches, then the URI is bypassed and links are not rewritten.
- If the URI does not match theBypasslist, then it is compared to theRewritelist. If the URI matches the expressions specified on theRewritelist, the URI links are rewritten. If there are no matches, links are not rewritten.
- If the URI does not match anything on theBypassorRewritelists, and if the host name in the URI is a short name, not a fully qualified domain name, then links for that URI are rewritten.
Portal access rewrite profile JavaPatcher settings
Trusted Certificate Authorities
Select the certificate authority to use for Java app link rewriting from the list of predefined Certificate authorities on the system, to use with Java app rewriting.
Select the Java app signer to use for app re-signing, from a list of existing signers on the system. Select None if the app is unsigned.
Select the private key from a list of existing keys on the system for Java app re-signing. Select None if the app is unsigned or does not require a signing key.
Signing Key Pass Phrase
To encrypt the private signing key with a passphrase, type the private key pass phrase.
Certificate Revocation List (CRL)
Select the CRL from the list, if one is defined on the system.
Portal access rewrite profile URI translation settings
Select this option to rewrite headers in Request Settings.
Insert X-Forwarded For Header
Select this option to add the X-Forwarded For (XFF) header, to specify the originating IP address of the client.
Insert X-Forwarded Proto Header
Select this option to add the X-Forwarded Proto header, to specify the originating protocol of the client.
Insert X-Forwarded Host Header
Select this option to add the X-Forwarded Host header, to specify the originating host of the client.
Select this option to rewrite headers in the response.
Select this option to rewrite links in content in the response.
Creating a rewrite profile
- Click.The Rewrite Profile List screen opens.
- ClickCreate New Profile.The Create New Profile Rewrite screen opens.
- In theNamefield, type a name for the rewrite profile.
- From theParent Profilelist, select a parent profile.For Portal Access, you should select the/Common/rewriteor/Common/rewrite-portalprofile as the parent. The new rewrite profile inherits theClient Caching Typesetting from the parent profile.
- From theRewrite Modelist, selectPortal (Access).
- On the left side, click the Portal (Access) link.
- From theClient Caching Typelist, select the caching option.
- To enable split tunneling for portal access connections, selectSplit Tunnelingfrom the list.Split tunneling provides two options to access your web page:RewriteandBypass. If you enable split tunneling, Access Policy Manager presents only web pages that satisfy one of these filters. Others are blocked (although a blocked public site may still be available outside the webtop). If you do not use split tunneling, Access Policy Manager processes all portal access URLs through the rewriting engine. You can specify a URL pattern using the following syntax:scheme: //host[:port]/path. You can also use wildcards such as the asterisk ( * ) to denote any sequence of characters and the question mark ( ? ) for any single character. Access Policy Manager rewrites links in all pages specified forRewrite.
- Rewrite- Rewrites URLs. When you use this option, Access Policy Manager controls the redirection of the URL. Use this option to access URLs inside the network. Type a URL match pattern for the sites where you need to create the reverse-proxy and click theAdd to Rewrite Listbutton.
- Bypass- Directly accesses the URL and leaves the URL unmodified. Use this option to speed up serving public sites. Type a URL match pattern for URLs to be accessed directly, bypassing the rewrite engine, and click theAdd to Bypass Listbutton.
- To configure Java patching, clickJavaPatcher Settings. Configure the Java Patcher options for verification and re-signing of signed applets.
- To configure theTrusted Certificate Authorities, from the list select a CA against which to verify signed applets signatures.
- To configure aSigner,from the list select a certificate to use for re-signing.
- To configure aSigning Key, from the list select a corresponding private key for re-signing.
- To set aSigning Key Pass Phrase, type a passphrase with which to encrypt the private key.
- To select aCertificate Revocation List (CRL), from the list select a CRL with which to check certificate validity.
- To configure URI Translation request and response settings, underURI TranslationselectSettings.
- Configure translation settings.
- ClickOKto complete the rewrite profile.