Advanced Settings for Masking the Station Proxy URL

You can configure a public (regular) station behind the reverse proxy server to mask the station proxy URL and ports. This configuration lets you use an identifier instead of the actual hostname and port number. These settings are optional.

This task shows you how to:

Mask the Station URL with an Alias
Mask the Station Ports with an Alias
Mask the Station URL and Ports

Before you begin:

When the client web app (browser) communicates with this station normally, the HTTPS URL seen by the end-user contains the actual hostname (IP address) of the station and the port number where the Results Analytics servant and file monitoring service are listening. With the configurations described here, you can define an identifier to mask the actual hostname/IP and port by using the station properties fiper.station.exposedname and fiper.station.exposedports.

Based on the values you set in these properties, the station constructs a proxified URL, which is then communicated to the client app browser. The client uses this proxified URL to make requests for the station services (Results Analytics data and file monitoring).

If you do not set fiper.station.exposedname to an identifier, the internal station name or IP address is used in the proxified URL. The default value of fiper.station.exposedports is "8080-8085" which are the defaults used by the Results Analytics servant. The file monitoring service uses ports 1010-1015 by default.

A ProxyPassMatch rule directive is required to map the traffic between client web apps and the public station.

You can choose any of three configurations described below, depending on the level of abstraction desired for the proxy URL and ports.

Mask the Station URL with an Alias

Set the station properties.
1. Set fiper.station.exposedname to an identifier (alias):
```
fiper.station.exposedname=StationAlias
```
  Each station with an exposedname alias must have a matching rule in the reverse proxy configuration.
2. Set fiper.station.exposedports to the ports you want:
```
fiper.station.exposedports=<port-range>
```
  For example: fiper.station.exposedports=56000-56100
Configure the corresponding reverse proxy rules.
```
ProxyPassMatch /StationAlias(:[0-9]+)/([a-zA-Z0-9\S]+) http://station.domain.com$1/$2
```
In this case, $1 in the rerouted URL is replaced by the port captured by the regular expression [0-9]+ , $2 is filled with the rest of the URL, and StationAlias maps to station.domain.com. An example of the resulting proxified URL is:
https://hostname.domain.com:446/StationAlias:8080/Advise/ping?caseID=4736.47061.1280.9430&_t=149384520431

For example, if fiper.station.exposedname=MyStation, the ProxyPassMatch rule in italics below should be added:

Listen 446
<VirtualHost *:446>
  SSLEngine on	
  ProxyPreserveHost Off
  ServerAlias *domain.com
  ProxyPass        /SMAExeServer-REST http://myproxyserver.domain.com:port/SMAExeServer-REST
  ProxyPassReverse /SMAExeServer-REST http://myproxyserver.domain.com:port/SMAExeServer-REST
  ProxyPassMatch   /MyStation(:[0-9]+)/([a-zA-Z0-9\S]+) http://station.domain.com$1/$2
  RequestHeader set x-forwarded-port "446"
</VirtualHost>

Mask the Station Ports with an Alias

In this configuration, a ProxyPassMatch redirection rule is needed for each port.

Set fiper.station.exposedports to use an identifier (alias) that the reverse proxy uses to mask the ports:
```
fiper.station.exposedports=<port-range>:alias
```
For example: fiper.station.exposedports=8080-8085:bluto
Configure the corresponding reverse proxy rules.
```
ProxyPassMatch   /([a-zA-Z0-9\S]+:)alias0/([a-zA-Z0-9\S]+) http://$18080/$2
ProxyPassMatch   /([a-zA-Z0-9\S]+:)alias1/([a-zA-Z0-9\S]+) http://$18081/$2
etc.
```
Proxy rules should exist for all port numbers defined in the fiper.station.exposedports property.
In this case, where $1 in the rerouted URL is substituted with the station.domain.com captured by the regular expression [a-zA-Z0-9\S]+ , $2 is filled with the rest of the URL and alias0 would map to 8080. An example of the resulting proxified URL is:
https://hostname.domain.com:446/hostname.domain.com:alias0/Advise/ping?caseID=4736.47061.1280.9430&_t=149384520431

For example, if fiper.station.exposedports=8080-8085:bluto, the ProxyPassMatch rules in italics below should be added:

Listen 446
<VirtualHost *:446>
  SSLEngine on
  ProxyPreserveHost Off
  ServerAlias *domain.com
  ProxyPass        /SMAExeServer-REST http://myproxyserver.domain.com:port/SMAExeServer-REST
  ProxyPassReverse /SMAExeServer-REST http://myproxyserver.domain.com:port/SMAExeServer-REST
  ProxyPassMatch   /([a-zA-Z0-9\S]+:)bluto0/([a-zA-Z0-9\S]+) http://$18080/$2
  ProxyPassMatch   /([a-zA-Z0-9\S]+:)bluto1/([a-zA-Z0-9\S]+) http://$18081/$2
  ProxyPassMatch   /([a-zA-Z0-9\S]+:)bluto2/([a-zA-Z0-9\S]+) http://$18082/$2
  ProxyPassMatch   /([a-zA-Z0-9\S]+:)bluto3/([a-zA-Z0-9\S]+) http://$18083/$2
  ProxyPassMatch   /([a-zA-Z0-9\S]+:)bluto4/([a-zA-Z0-9\S]+) http://$18084/$2
  ProxyPassMatch   /([a-zA-Z0-9\S]+:)bluto5/([a-zA-Z0-9\S]+) http://$18085/$2
  RequestHeader set x-forwarded-port "446"
</VirtualHost>

Mask the Station URL and Ports

This configuration combines the previous two techniques. Both the station URL and ports are masked with aliases, and each unique station and its respective port number requires a ProxyPassMatch rule.

Set the station properties.
1. Set fiper.station.exposedname to an identifier that the reverse proxy uses to map to the station:
```
fiper.station.exposedname=StationAlias
```
  Each station with an exposedname alias must have a matching rule in the reverse proxy configuration.
2. Set fiper.station.exposedports to an identifier that the reverse proxy uses to mask the ports:
```
fiper.station.exposedports=<port-range>:alias
```

Configure the reverse proxy rules.

ProxyPassMatch   /StationAlias(:)alias0/([a-zA-Z0-9\S]+) http://station.domain.com$18080/$2
ProxyPassMatch   /StationAlias(:)alias1/([a-zA-Z0-9\S]+) http://station.domain.com$18081/$2
etc.

where alias0 maps to port 8080 and StationAlias maps to station.domain.com.

Proxy rules should exist for all the remaining aliases as well as each unique StationAlias, as defined by the two station properties in step 1.

In this case, where $1 in the rerouted URL is substituted with : captured by the regular expression ":" and $2 is filled with the rest of the URL, alias0 maps to 8080 and StationAlias maps to station.domain.com. An example of the resulting proxified URL is:

https://hostname.domain.com:446/StationAlias:alias0/Advise/ping?caseID=4736.47061.1280.9430&_t=149384520431

For example, if fiper.station.exposedports=8080-8085:alias and fiper.station.exposedname=MyStation, then the ProxyPassMatch rules in italics below should be added:

Listen 446
<VirtualHost *:446>
  SSLEngine on
  ProxyPreserveHost Off
  ServerAlias *domain.com
  ProxyPass        /SMAExeServer-REST http://myproxyserver.domain.com:port/SMAExeServer-REST
  ProxyPassReverse /SMAExeServer-REST http://myproxyserver.domain.com:port/SMAExeServer-REST
  ProxyPassMatch   /MyStation(:)alias0/([a-zA-Z0-9\S]+) http://station.domain.com$18080/$2
  ProxyPassMatch   /MyStation(:)alias1/([a-zA-Z0-9\S]+) http://station.domain.com$18081/$2
  ProxyPassMatch   /MyStation(:)alias2/([a-zA-Z0-9\S]+) http://station.domain.com$18082/$2
  ProxyPassMatch   /MyStation(:)alias3/([a-zA-Z0-9\S]+) http://station.domain.com$18083/$2
  ProxyPassMatch   /MyStation(:)alias4/([a-zA-Z0-9\S]+) http://station.domain.com$18084/$2
  ProxyPassMatch   /MyStation(:)alias5/([a-zA-Z0-9\S]+) http://station.domain.com$18085/$2
  RequestHeader set x-forwarded-port "446"
</VirtualHost>