You configure reverse proxy rules at the global-portal reverse-proxy-rules level. For more details on the command structure, see Configuring Rules Using UPL.
When configuring reverse proxy rules, you need to specify the following:
Parameter | Description |
---|---|
PASS OK | Action to create a rule using UPL. |
enabled | Enable/disable a rule: |
name | Name of the reverse proxy rule. Example: name("Reverse proxy rule example"). |
desc | A description of the rule. Example: desc("Reverse proxy rule example set via CLI"). |
profile | Reverse proxy server to which UserGate forwards requests. Example: profile("Reverse proxy server example"). |
url.port | Port on which UserGate listens for inbound requests. Example: url.port = 80. |
is_https | HTTPS support: |
ssl_profile | SSL profile. Specify when using HTTPS: ssl_profile("Default SSL profile"). For more details about working with SSL profiles using the CLI, see Configuring SSL Profiles. |
certificate | The certificate used to support HTTPS connections. Specify when using HTTPS: certificate("Certificate example"). |
cert_auth_enabled | Authentication via certificate: |
src.zone | Traffic source zone. Example: src.zone = Untrusted. For more details about configuring zones using the CLI, see Zones. |
src.ip | Source IP address lists or domain lists. Example for IP addresses: src.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using the CLI, see Configuring IP addresses. Example for domains: src.ip = lib.url(). Specify in parentheses the URL list to which the necessary domains were added. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists. |
src.geoip | Source GeoIP. Specify a country code (for example, src.geoip = AE). See the list of ISO 3166-1 country codes. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15. |
user | Users and user groups to which the reverse proxy rule applies. You can only add users if authentication via certificate is enabled. To add LDAP groups and users, you need a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors). The following line adds a local user (local_user), a local group (Local Group), an LDAP user (example.loc\AD_user), and an LDAP group (AD group): user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC=example, DC=loc"). This assumes that the Active Directory domain example.loc has already been configured. When adding LDAP users and groups, you can specify a list of paths on the server from which the system starts its search for users and groups. |
dst.ip | One of the external IP addresses of the UserGate server that is reachable from the Internet and is the destination for external client traffic. To specify an IP address list: dst.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using the CLI, see Configuring IP addresses. To specify a domain list: dst.ip = lib.url(). Specify in parentheses the URL list to which the necessary domains were added. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists. |
dst.geoip | Destination GeoIP. Specify a country code (for example, dst.geoip = AE). See the list of ISO 3166-1 country codes. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15. |
request.header.User-Agent | The browser useragents to which this rule applies. To specify a useragent: request.header.User-Agent = lib.useragent(). Provide the browser useragent category in parentheses. For more details about how to create and configure your own lists using the CLI, see Configuring useragents. |
rewrite_path | Substitute the URL domain and/or path in the user request. For example, this allows requests to http://www.example.com/path1 to be converted into requests to http://www.example.loc/path2. To do this: rewrite_path("http://www.example.com/path1", "http://www.example.loc/path2"). |
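
The table states three dependencies between parameters: ssl_profile and certificate go with HTTPS, users require certificate authentication, and each GeoIP parameter takes at most 15 entries. The following check is an added example, not UserGate code, and covers only those three; it assumes each rule is held as a Python dict keyed by the parameter names above, and the names check_rule and as_list are hypothetical.

```python
# Added example: pre-deployment check of reverse proxy rule parameters.
# Assumption: each rule is a dict keyed by the parameter names in the table,
# with Python booleans standing in for is_https and cert_auth_enabled.

MAX_GEOIP = 15  # limit stated for src.geoip and dst.geoip


def as_list(value):
    """Return a single value or a list/tuple/set as a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple, set)) else [value]


def check_rule(rule):
    """Return the problems found in one rule (empty list = no findings)."""
    problems = []
    # ssl_profile and certificate are both specified when using HTTPS.
    if rule.get("is_https"):
        for key in ("ssl_profile", "certificate"):
            if not rule.get(key):
                problems.append(f"is_https is set but {key} is missing")
    # Users can only be added when certificate authentication is enabled.
    if as_list(rule.get("user")) and not rule.get("cert_auth_enabled"):
        problems.append("user is set but cert_auth_enabled is off")
    # At most 15 GeoIP entries for the source and for the destination.
    for key in ("src.geoip", "dst.geoip"):
        count = len(as_list(rule.get(key)))
        if count > MAX_GEOIP:
            problems.append(f"{key} has {count} entries, limit is {MAX_GEOIP}")
    return problems


# Constructed sample rules, not taken from a real configuration.
GOOD_RULE = {
    "name": "Reverse proxy rule example", "url.port": 443, "is_https": True,
    "ssl_profile": "Default SSL profile", "certificate": "Certificate example",
    "cert_auth_enabled": True, "user": ["local_user"], "src.geoip": ["AE"],
}
BAD_RULE = {
    "name": "Misconfigured rule", "url.port": 443, "is_https": True,
    "ssl_profile": "Default SSL profile",  # certificate omitted
    "cert_auth_enabled": False, "user": ["local_user"],
    "src.geoip": ["AE", "AT", "BE", "CH", "DE", "DK", "ES", "FI",
                  "FR", "GB", "IE", "IT", "NL", "NO", "PL", "SE"],
}

if __name__ == "__main__":
    for rule in (GOOD_RULE, BAD_RULE):
        print(rule["name"], "->", check_rule(rule) or "no findings")
```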