Web Proxy

最終更新日:2023-11-29 15:53:18

1. Usage Scenario

This page configures the web proxy for browser access and watermark policy.

Customers can add web proxy for users to visit their applications (http/https/ssh*/rdp* based applications ) via browser. Browser access can be used for users who are not convenient to install ESA client, like:

  • 3rd party partner users
  • part time staffs
  • contractors

With the proxy configured, when users access the application via browser, the URL visited will be a proxied URL instead of real address. In this way, we can protect application address from been exposed.

2. Operation Steps

1) Go to Web Security Gateway–>Basic Configuration to configure your web proxy server.

2) For security access, we recommend customers to use your own certificate and domain for web access.
Here are the steps:

  • Config a domain and upload certificate. We suggest to use 4-level domain name, For example: alex.esa.ABC.com. ABC refers to your company name.
  • Contact CDNetworks technical service to config CNAME to ESA platform. After configuration, CDNetworks technical service will return the CNAME domain, for example: nsesa.cdnetworks.com
  • On your name server, CNAME or NS your domain: *.esa.ABC.com or .esa.ABC.com (depends on your NS format) to nsesa.cdnetworks.com
  • After configuration completed, please send the alex.esa.ABC.com URL to your users.

There are two options for Proxy Authentication:
Secure authentication (recommended): means account authentication is required when user access login via web browser
Free authentication: means no account authentication is needed to access applications. This may be used in scenarios like API access.

China Premium Service控制台自助配置功能上线

3) User login: Copy the proxy URL: alex.esa.ABC.com to browser and then you will get ESA login page.
China Premium Service控制台自助配置功能上线

After login to ESA via URL, when user visit the application, for example: ERP, the actual visiting URL will be erp.esa.ABC.com. Users are visiting the proxied domain instead of real domain. By doing this, we can shield your applications from been exposed to Internet.