How do I configure the IBM WebSphere DataPower SOA appliance to forward outgoing requests to an HTTP Proxy Server?
Note: The information contained in this document is being moved to developerWorks Answers located here.The new format will allow you to ask additional questions of the community to better understand the information. This technote will be archived at some point in the near future. Please bookmark the new location.
In order for the DataPower appliance to forward specific outgoing requests to a HTTP Proxy server, a Proxy Policy will have to be defined on the ' XML Manager' -> 'User Agent' (Proxy Policy tab) associated with the service in question. For example, to configure the Web Service Proxy (WS-Proxy) so that all the outgoing requests to an external destination goes through a HTTP Proxy server, the following steps can be used. From the WebGUI:
- Click Control Panel -> Web Service Proxy
- Click to edit the appropriate 'Web Service Proxy' (WS-Proxy).
- Click on the 'Proxy Settings' tab
- Click to edit the 'XML Manager' attached to the WS-Proxy.
- Click to edit the 'User Agent Configuration'.
- On the 'User Agent -> Proxy Policy' tab, define the policies accordingly.
- Apply and save all configuration changes.
In addition to the above steps, if the HTTP Proxy server requires SSL, then a 'SSL Proxy Profile' will have to be added on the ' User Agent -> SSL Proxy Profile' tab. The SSL Proxy Profile must be either a client or two-way profile and will be used by DataPower to establish the SSL connection to the HTTPS Proxy server. Also, if the HTTP Proxy server requires user authentication, define the User Credentials to use on the ' User Agent -> Basic HTTP Authentication' tab.
Also, if you wish to dynamically define the User Credentials to use for the proxy authentication, you can do so by using a stylesheet to set the 'Proxy-Authorization' header. In the stylesheet, you can use 'dp:set-request-header' to set the header. Below is a sample snippet showing the use of 'dp:set-request-header':
<dp:set-request-header name="'Proxy-Authorization'" value="$Proxy-Auth-value"/>
Note for firmware version 3.7.3 and 3.8.0 users: If you are currently running a 3.7.3.x or 3.8.0.x firmware release that is prior to 220.127.116.11 and 18.104.22.168 respectively, be aware of the following APAR fix that was put in the 22.214.171.124 and 126.96.36.199 firmware release and relates to the use of the 'User Agent -> Proxy Policy':
APAR IC62376: AFTER REBOOT, DATAPOWER USER AGENT PROXY PROFILES DO NOT DIRECT OUTGOING HTTP REQUESTS TO THE PROXY HOSTNAME SPECIFIED
For more information on configuring the 'Proxy Policy' on different DataPower services, refer to the Development section of the IBM WebSphere DataPower SOA Appliances product documentation to obtain documentation on the various services.