We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

How can I use the Reverse Proxy with no paths on my Barracuda SSL VPN?

  • Type: Knowledgebase
  • Date changed: 8 years ago
Solution #00003827

Scope:
This solution applies to Barracuda SSL VPNs, all firmware versions.

Answer:
With the Host-based Reverse Proxy feature, Web sites are proxied by identifying the hostname that has been requested in the host headers and mapping this to a back end Web server. For example, you might define a host header of mymailserver.example.com, when a client launches this resource the hostname of the request is modified so that we can identify the correct resource to forward to.

How does this work?
Let's say you are connecting to the Barracuda SSL VPN through the URL https://sslvpn.example.com. When you launch an Host-based Reverse Proxy resource the browser is immediately redirected to a unique hostname. This hostname can be defined by entering a host header in the configuration (i.e the hostname that will be used for this web forward) or an option can be ticked to use ActiveDNS. ActiveDNS creates a hostname automatically, based on the original. For example https://activeproxy12345.sslvpn.example.com. The Barracuda SSL VPN can then examine the first portion of the connecting URL, in this case activeproxy12345, and match this against the Reverse Proxy Web forwards.

In order to achieve this you either need to configure multiple DNS entries for the host headers you configure, or a wildcard DNS entry. This is achieved by including the wildcard asterisk character * in the hostname in the DNS server configuration.

*.sslvpn.example.com        A    192.168.100.1

Once this is configured any hostname followed by .sslvpn.company.com will resolve to your IP address. This enables the browser to continue communicating with the Barracuda SSL VPN over the custom hostname and identify the correct Web site to forward to.

It is also important to point out here that in order for this feature to work the user must login to the Barracuda SSL VPN using the fully qualified domain name setup in the DNS wildcard entry. You cannot use this feature if you access the service through an IP address or single hostname i.e. https://192.168.100.1 or https://sslvpn.

This only has to be performed once, after the DNS has been configured you can use the Active DNS feature on as many Web sites as you like.

If using the Host Header field instead of wildcard DNS, again this requires that the hostname you set will resolve to the Barracuda SSL VPN server's IP address. In the same way as ActiveDNS the browser will be redirected to this host and the Barracuda SSL VPN will identify the site by its hostname.

As an example, say you configure the host header owa.example.com in a web forward. When the user attempts to access this through the Barracuda SSL VPN, their browser will be redirected from the standard Barracuda SSL VPN URL to https://owa.example.dom. Again it is important that this host resolves to the Barracuda SSL VPN server so that it can proxy the Web site correctly.

This will require that each Web forward setup with a host header must have its own corresponding DNS entry if not using a wildcard DNS entry.

Link to This Page:
https://campus.barracuda.com/solution/50160000000HVB0AAO