Reverse Proxy

What is a reverse proxy and how does it work?

Before jumping into the configuration steps, let's talk about what a reverse proxy is. In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client (user) from one or more servers (ADSelfService Plus). These resources are then returned to the client as though they originated from the reverse proxy itself. A reverse proxy is used as a strategic point in the network to enforce web application security.

AD360 as a reverse proxy for ADSelfService Plus

AD360 is an integrated identity and access management (IAM) solution for managing user identities, governing access to resources, enforcing security, and ensuring compliance. You can integrate ADSelfService Plus with AD360 to unlock many useful features, including a reverse proxy.

Once you set up a reverse proxy through AD360, requests from clients (users) are received by the reverse proxy server (AD360) in the DMZ. The reverse proxy server then forwards those requests to the ADSelfService Plus server in the LAN (if needed, the ADSelfService Plus server can be placed in the DMZ instead). External machines never make a direct connection to the ADSelfService Plus server. Your firewall will only permit the proxy server to access the ADSelfService Plus server, and only through the required port.
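The firewall policy described above can be checked against a rule set before it is deployed. The following is an added example, not part of the original page or of any ManageEngine product: the `Rule` format, the addresses, the ports, and the first-match, default-deny semantics are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    ports: range  # destination TCP ports

# Constructed values (assumptions, not from the page).
PROXY = ipaddress.ip_address("192.0.2.10")   # AD360 host in the DMZ
BACKEND = ipaddress.ip_address("10.0.0.20")  # ADSelfService Plus host in the LAN
BACKEND_PORT = 8443                          # placeholder for the integrated port

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny (assumed semantics)."""
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst) and port in r.ports):
            return r.action
    return "deny"

def audit(rules):
    """List departures from 'only the proxy, only the required port'.
    Shadowing by earlier deny rules is ignored, so this can over-report
    but never misses an allow rule that exposes the backend."""
    findings = []
    if decide(rules, PROXY, BACKEND, BACKEND_PORT) != "allow":
        findings.append("proxy cannot reach the backend on the required port")
    for i, r in enumerate(rules):
        if r.action != "allow" or BACKEND not in ipaddress.ip_network(r.dst):
            continue
        if ipaddress.ip_network(r.src) != ipaddress.ip_network(f"{PROXY}/32"):
            findings.append(f"rule {i}: source {r.src} is wider than the proxy")
        if list(r.ports) != [BACKEND_PORT]:
            findings.append(f"rule {i}: ports exceed the required port")
    return findings

# Constructed rule sets: users reach the proxy on 443 in both.
GOOD = [Rule("allow", "0.0.0.0/0", "192.0.2.10/32", range(443, 444)),
        Rule("allow", "192.0.2.10/32", "10.0.0.20/32", range(8443, 8444))]
BAD = [Rule("allow", "0.0.0.0/0", "192.0.2.10/32", range(443, 444)),
       Rule("allow", "192.0.2.0/24", "10.0.0.20/32", range(8000, 9000))]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "policy holds")
```

The BAD set opens the backend to the whole DMZ subnet on a port range, so it produces two findings; the GOOD set produces none.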

Configuration steps

Follow the steps below to set up a reverse proxy server for ADSelfService Plus using ManageEngine AD360.

  1. Download and install AD360. Choose Minimal Installation mode during installation.
  2. Log in to the AD360 web console as an administrator.
  3. Navigate to Admin → Administration → ADSelfService Plus.
  4. Enter the server name, protocol, and port details of the ADSelfService Plus server, and click Integrate.

Once you have integrated ADSelfService Plus with AD360, you can enable a context-based reverse proxy, a port-based reverse proxy, or both.

Enabling a context-based reverse proxy

In a context-based reverse proxy, the URL of ADSelfService Plus is given a unique context path. Whenever a user requests access, it's first forwarded to the AD360 server, which then forwards the request to the ADSelfService Plus server based on the context path in the URL. The end user will not know the details of the ADSelfService Plus server.

Follow the steps given below to enable a context-based reverse proxy:

  1. Log in to the AD360 web console as an administrator.
  2. Navigate to Admin → Administration → Reverse Proxy.
  3. Click the Context-based tab, and check the Enable Context-based Reverse Proxy box.

  4. Select the required protocol and port number from the Protocol and Port drop-down fields respectively. Please make sure that the port number is not being used by another application.
  5. Now, enter a context path for ADSelfService Plus under the Context column.
  6. Write down the Access URL for ADSelfService Plus. External users can use this URL to access ADSelfService Plus.
  7. Click Save Settings.

Enabling a port-based reverse proxy

To enable a port-based reverse proxy, you need to choose a unique port number and protocol for ADSelfService Plus. In this case, a unique port number for the ADSelfService Plus server is mandatory, whereas specifying a unique protocol is optional. The hostname remains the same. The AD360 server will forward user requests to the ADSelfService Plus server based on the port number in the URL and the protocol.

Follow the steps given below to enable a port-based reverse proxy:

  1. Log in to the AD360 web console as an administrator.
  2. Navigate to Admin → Administration → Reverse Proxy.
  3. Click the Port Based tab, and check the Enable Port-Based Reverse Proxy box.

  4. Select a protocol for ADSelfService Plus from the Protocol drop-down.
  5. Enter a port number for AD360 and its components in the Port field. Please make sure the port number is not being used by another application.
  6. Write down the Access URL for ADSelfService Plus. External users can use this URL to access ADSelfService Plus.
  7. Click Save Settings.

The reverse proxy setup for the ADSelfService Plus server using ManageEngine AD360 is now complete.

Important: Once you enable a reverse proxy, please update the Access URL settings in ADSelfService Plus by navigating to Admin → Product Settings → Connection and clicking Configure Access URL.

Copyright © 2024, ZOHO Corp. All Rights Reserved.