Marco Muishout
2004-04-06 13:34:24 UTC
Hi,
We have an international INTRANET web+appserver setup with local clients, local
proxy caches and a central web application server.
* We use the proxy caches on loca lsites to serve static data to local clients,
to relieve WAN link bandwidth and latency issues.
The central app server does only communications coming from the caching proxy
server - the actual client addresses are invisible.
OUR PROBLEM IS that one specific action requires local clients to contact the
central server directly. Because all but this specific communication runs
through the proxy server, this client action is denied by the central appserver
because it does not acknowledge the client IP address (the appserver only talks
to the proxy). Action fails.
I can only think of one way to solve this:
Make the caching fully transparent to the central server - in this case, the
central server thinks it is talking directly to the client. But - proxy traffic
hides all client IP information.
If I would accomplish fooling the central server thinking it is talking to the
client directly (I would be IP spoofing I guess, using mod_ip_forwarding?)
would my client accept responses from the central server while the original
request went to the proxy server? Would my client TCP stack accept that?
Any info is highly appreciated. Customizing the webapp is highly undesireable :-
(
We have an international INTRANET web+appserver setup with local clients, local
proxy caches and a central web application server.
* We use the proxy caches on loca lsites to serve static data to local clients,
to relieve WAN link bandwidth and latency issues.
The central app server does only communications coming from the caching proxy
server - the actual client addresses are invisible.
OUR PROBLEM IS that one specific action requires local clients to contact the
central server directly. Because all but this specific communication runs
through the proxy server, this client action is denied by the central appserver
because it does not acknowledge the client IP address (the appserver only talks
to the proxy). Action fails.
I can only think of one way to solve this:
Make the caching fully transparent to the central server - in this case, the
central server thinks it is talking directly to the client. But - proxy traffic
hides all client IP information.
If I would accomplish fooling the central server thinking it is talking to the
client directly (I would be IP spoofing I guess, using mod_ip_forwarding?)
would my client accept responses from the central server while the original
request went to the proxy server? Would my client TCP stack accept that?
Any info is highly appreciated. Customizing the webapp is highly undesireable :-
(