Web Proxy

Last update:2023-11-29 15:53:18

1. Usage Scenario

This page configures the web proxy for browser access and watermark policy.

Customers can add web proxy for users to visit their applications (http/https/ssh*/rdp* based applications ) via browser. Browser access can be used for users who are not convenient to install ESA client, like:

  • 3rd party partner users
  • part time staffs
  • contractors

With the proxy configured, when users access the application via browser, the URL visited will be a proxied URL instead of real address. In this way, we can protect application address from been exposed.

2. Operation Steps

1) Go to Web Security Gateway–>Basic Configuration to configure your web proxy server.

2) For security access, we recommend customers to use your own certificate and domain for web access.
Here are the steps:

  • Config a domain and upload certificate. We suggest to use 4-level domain name, For example: alex.esa.ABC.com. ABC refers to your company name.
  • Contact CDNetworks technical service to config CNAME to ESA platform. After configuration, CDNetworks technical service will return the CNAME domain, for example: nsesa.cdnetworks.com
  • On your name server, CNAME or NS your domain: *.esa.ABC.com or .esa.ABC.com (depends on your NS format) to nsesa.cdnetworks.com
  • After configuration completed, please send the alex.esa.ABC.com URL to your users.

There are two options for Proxy Authentication:
Secure authentication (recommended): means account authentication is required when user access login via web browser
Free authentication: means no account authentication is needed to access applications. This may be used in scenarios like API access.

Self-Service Configuration for China Premium Service Onboarding

3) User login: Copy the proxy URL: alex.esa.ABC.com to browser and then you will get ESA login page.
Self-Service Configuration for China Premium Service Onboarding

After login to ESA via URL, when user visit the application, for example: ERP, the actual visiting URL will be erp.esa.ABC.com. Users are visiting the proxied domain instead of real domain. By doing this, we can shield your applications from been exposed to Internet.

Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!