Hello,
I am a Citrix Admin and unfamiliar with Apache. Our Apache admins said me that I need to reconfigure my Citrix setup. But I think that Apache admins must reconfigure their Apache server. 8) I need an impartial judge! We have the next setup: external clients-------> Apache HTTP Server (reverse proxy configured)--------->Firewall----->Citrix Secure Gateway (Citrix Web Interface on the same server)--------Citrix Farm(Servers with Applications). Apache Server resides in external network, but Citrix Secure Gateway and Farm reside in internal network. Apache server exposes internal address of Citrix Secure Interface (https://secgateway.domain1.com/citrix/xenap) as https://proxyserver.domain2.com/citrix/xenapp External clients launch programs from Citrix farm using Web interface https://proxyserver.domain2.com/citrix/xenapp address. Clients use HTTPS to connect to Citrix Secure Gateway. PROBLEM: When client connects to Citrix Secure Gateway (Web Interface) it connects via Apache HTTP server (I see it by meanse of netstat -a command). But when client launches any application clicking on Web Interface icon, the citrix client is trying to connect to Cirtrix Secure Gateway directly omitting the Apache HTTP Server! But Cirtrix Secure Gateway IP is behind the firewall and application did not launch with error. When user launches app via proxy server, the ica-file redirects user to secgateway.domain1.com rather then to proxyserver.domain2.com. We must open ports on firewall to Secure Gateway too. This is a security problem for us. Is it possible to launch apps only via one Apache proxy server? We need all traffic (ICA and HTTPS) go through Apache! We need a possibility to launch apps from XenApp farm by means of connecting Apache HTTP server (IBM HTTP Server 7.0) rather then Secure Gateway. Below IBM HTTP Server 7.0 httpd.conf from our Apache admins: Listen 0.0.0.0:443 <VirtualHost *:443> SSLEnable #SSLProtocolDisable SSLv2 SSLClientAuth none SSLProxyEngine on SSLCipherSpec 34 SSLCipherSpec 35 SSLCipherSpec 3A SSLCipherSpec 33 SSLCipherSpec 36 SSLCipherSpec 39 SSLCipherSpec 32 SSLCipherSpec 31 SSLCipherSpec 30 #Citrix <Location /Citrix> order deny,allow allow from all </Location> ProxyPass /Citrix https://secgateway.domain1.com/citrix/xenapp ProxyPassReverse /Citrix https://secgateway.domain1.com/citrix/xenapp </VirtualHost> Thank you for any help! --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
