12.11.2. Configuring reverse proxy rules

You configure reverse proxy rules at the global-portal reverse-proxy-rules level. For more details on the command structure, see Configuring Rules Using UPL.

When configuring reverse proxy rules, you need to specify the following:

Parameter

Description

PASS or OK

Action to create a rule using UPL.

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

name

Name of the reverse proxy rule.

Example: name("Reverse proxy rule example").

desc

A description of the rule.

Example: desc("Reverse proxy rule example set via CLI").

profile

Reverse proxy server for UserGate to forward requests to.

Example: profile("Reverse proxy server example").

url.port

Port on which UserGate will listen for inbound requests, e.g. url.port = 80.

is_https

HTTPS support:

  • is_https(yes) or is_https(true): use HTTPS.

  • is_https(no) or is_https(false): do not use HTTPS.

ssl_profile

SSL profile. Specified when using HTTPS: ssl_profile("Default SSL profile").

For more details about working with SSL profiles using the CLI, see Configuring SSL Profiles.

certificate

The certificate used to support HTTPS connections.

Specify when using HTTPS: certificate("Certificate example").

cert_auth_enabled

Authentication via certificate:

  • cert_auth_enabled(yes) or cert_auth_enabled(true): enable authentication by certificate.

  • cert_auth_enabled(no) or cert_auth_enabled(false): disable authentication by certificate.

src.zone

Traffic source zone.

Example of setting source zone: src.zone = Untrusted.

For more details about configuring zones using the CLI, see Zones.

src.ip

Add source IP address or domain lists.

Example for IP addresses: src.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using the CLI, see Configuring IP addresses.

Example for domains: src.ip = lib.url(). Specify in parentheses the URL list to which the necessary domains were added. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists.

src.geoip

Source GeoIP. Specify a country code (for example, src.geoip = AE).

Use ISO 3166-1 country codes.

Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.

user

Users and user groups for which the reverse proxy rule applies. You can only add users if authentication via certificate is enabled.

To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors).

The following line adds a local user (local_user), a local group (Local Group), an LDAP user (example.loc\AD_user), and an LDAP group (AD group):

user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC=example, DC=loc")

In this example, the Active Directory domain example.loc has already been configured. When adding LDAP users and groups, you can specify a list of paths on the server, starting from which the system will search for users and groups.

dst.ip

One of the external IP addresses of the UserGate server, which is available from the Internet and is the destination for the external client traffic.

To specify an IP address list: dst.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using the CLI, see Configuring IP addresses.

To specify a domain list: dst.ip = lib.url(). Specify in parentheses the URL list to which the necessary domains were added. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists.

dst.geoip

Destination GeoIP. Specify a country code (for example, dst.geoip = AE).

Use ISO 3166-1 country codes.

Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.

request.header.User-Agent

The browser useragents to which this rule applies.

To specify a useragent: request.header.User-Agent = lib.useragent(). Provide the useragent browser category in parentheses.

For more details about how to create and configure your own lists using the CLI, see Configuring useragents.

rewrite_path

Substitute a URL domain and/or path in the user request. For example, this allows requests at http://www.example.com/path1 to be converted into requests at http://www.example.loc/path2. To do this: rewrite_path("http://www.example.com/path1", "http://www.example.loc/path2").
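
A pre-deployment check for the constraints stated in the table above (HTTPS calls for ssl_profile and certificate, users require certificate authentication, at most 15 GeoIPs per field), given as an added example that is not part of the UserGate documentation or CLI. It assumes one parameter expression per line in the forms shown above; the parenthesised GeoIP list, the treatment of an absent flag as "no", and the names parse_params, lint_rule and RULE are assumptions of this example.

```python
import re

BOOLS = {"yes": True, "true": True, "no": False, "false": False}
# Forms used on this page: key(value) and key = value.
PARAM = re.compile(r'^([\w.-]+)\s*(?:=\s*(.+)|\((.*)\))$')
# A value item is a quoted string (may contain commas) or a bare token.
ITEM = re.compile(r'"([^"]*)"|([^,\s()"]+)')

def parse_params(lines):
    """Map each parameter name to the list of values given for it."""
    params = {}
    for line in lines:
        m = PARAM.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised parameter: {line!r}")
        value = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = [q or bare for q, bare in ITEM.findall(value)]
    return params

def lint_rule(lines):
    """Return findings for constraints the parameter table states."""
    p, findings, flags = parse_params(lines), [], {}
    for key in ("enabled", "is_https", "cert_auth_enabled"):
        items = p.get(key, ["no"])  # assumption: absent flag counts as "no"
        word = items[0] if len(items) == 1 else ""
        if word not in BOOLS:
            findings.append(f"{key}: expected yes, true, no or false")
        flags[key] = BOOLS.get(word, False)
    if flags["is_https"]:
        for key in ("ssl_profile", "certificate"):
            if not p.get(key):
                findings.append(f"{key}: specify when is_https is on")
    if p.get("user") and not flags["cert_auth_enabled"]:
        findings.append("user: requires cert_auth_enabled(yes)")
    for key in ("src.geoip", "dst.geoip"):
        if len(p.get(key, [])) > 15:
            findings.append(f"{key}: more than 15 GeoIP entries")
    return findings

# Constructed sample rule: HTTPS without an SSL profile, users without cert auth.
RULE = [
    'enabled(yes)',
    'name("Reverse proxy rule example")',
    'url.port = 443',
    'is_https(yes)',
    'certificate("Certificate example")',
    'user = (local_user, "CN=Local Group, DC=LOCAL")',
]

print("\n".join(lint_rule(RULE)))
```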