Normally, the Mobile client synchronizes data inside a firewall on the corporate intranet, where the Mobile Server also resides. However, what if the user wishes to synchronize the Mobile client from outside the firewall, over the Internet, to a Mobile Server that resides inside the firewall? Or what if the Mobile Server resides on the public Internet and the Mobile client is inside the firewall on the corporate intranet? Either way, you must modify your configuration to enable the Mobile client and Mobile Server to communicate through a firewall.
The following sections describe how to configure the Mobile Server and Mobile client to enable communication through a firewall:
Section 5.1, "Using HTTP Proxy to Communicate From Inside a Firewall"
Section 5.2, "Using Reverse Proxy to Communicate from Internet to Intranet"
Use the HTTP proxy for clients inside a corporate network that want to connect to a resource on the Internet. As shown in Figure 5-1, the corporate network is protected by a firewall, which blocks direct access from inside the corporate network to the outside world. However, you can configure a proxy server on the firewall to allow designated traffic to travel through the firewall.
For example, in order for communication to occur between Web browsers—where the browser is located in the corporate network behind the firewall—and Internet Web servers—where the web server is located on the public Internet—you must configure the proxy settings in the browser. In the same sense, if the Mobile client is located in the corporate intranet and the Mobile Server is located somewhere in the public Internet—where both are separated by a firewall—then the firewall must be configured to let HTTP traffic travel through by means of a proxy server.
To enable communication from the Mobile client to a Mobile Server outside the corporate firewall, do one of two things:
For all Mobile clients other than the Web-to-Go Mobile clients, perform the following when you synchronize using the msync.exe tool:
Check the Use Proxy checkbox.
Enter the hostname and port number of the proxy server.
For all Web-to-Go Mobile clients, add the proxy server settings as follows in the webtogo.ora file:
[WEBTOGO]
PROXY_SERVER=hostname_proxy_server
PROXY_PORT=port_proxy_server
If you are traveling to a customer site and you want to synchronize over the Internet to the Mobile Server inside the corporate firewall, use a reverse proxy to communicate. A reverse proxy is used whenever a client outside a corporate network wants to connect to a resource available inside the corporate network, as shown in Figure 5-2. The corporate network is protected by a firewall, which stops the outside world from having direct access to the systems inside the corporate network. However, the reverse proxy lets designated traffic that originates outside the corporate network reach inside systems.
Figure 5-2 Mobile Client Communicating With Mobile Server Through Firewall Using Reverse Proxy
When you configure the reverse proxy, then the Mobile client communicates directly with the reverse proxy, which turns around and communicates with the Mobile Server. In order for this communication to occur seamlessly, do the following:
Configure the Mobile client to communicate with the reverse proxy in one of the two following methods:
Download the Mobile client software directly from the reverse proxy. If you download the Mobile client setup.exe program from the reverse proxy over the Internet, then the installation automatically configures the Mobile client to point to the reverse proxy.
Configure the webtogo.ora configuration file for your Mobile client. However, if you installed the Mobile client from within the corporate intranet, you must modify the SERVER_URL parameter in the webtogo.ora configuration file to point to the host/port of the reverse proxy server, as follows:
SERVER_URL=HTTP://<reverse_proxy_host>:<port>/webtogo
If you use msync.exe to synchronize, then enter the hostname of the reverse proxy in the Server box.
Note: If you are planning on using the Mobile client both inside and outside of the corporate intranet, you may want to have two SERVER_URL definitions—one for the internal corporate Mobile Server address and one for the reverse proxy address. Then, comment out the one that you are not using and uncomment the one that you are using.
Post-installation steps for the client:
After you configure the client, if the client is a Windows client—such as Windows XP/2000 and Pocket PC devices—then Oracle Database Lite uses the WININET API for SSL over HTTP. The following are known issues when using SSL over HTTP:
The HTTP connection may slow down if you have Auto Detect Proxy enabled in Internet Explorer. In addition, it may also slow down if you do not have a proxy server in your network. In this case, uncheck the Automatically detect proxy option in Internet Explorer.
For Windows 2000 clients, mSync may hang if you do not have all of the Microsoft patches applied.
If your Mobile Server or Reverse Proxy does not have a valid SSL certificate, then the Oracle Database Lite clients may stop working. This is critical if there are errors in Certificate chaining.
When setting up the Apache Web Server software for the reverse proxy, use Apache 2.0 or later. In addition, set the following parameter in the httpd.conf configuration file:
BrowserMatch MSIE AuthDigestEnableQueryStringHack=On
Configure the Mobile Server to accept communication from the reverse proxy.
Configure the reverse_proxy parameter in the webtogo.ora configuration file on the Mobile Server, as follows:
[WEBTOGO]
REVERSE_PROXY=http://<reverse_proxy_hostname>:<port_number>/webtogo
If your server is a Windows XP machine, you must have the Service Pack 2 installed.
When you use reverse proxy authentication, you must upper-case the username of the proxy digest.
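The note above about keeping two SERVER_URL definitions and commenting out the unused one can be scripted so that exactly one definition is ever active. This is an added example, not Oracle code; it assumes that '#' starts a comment line in webtogo.ora, and the hostnames and ports in the sample are constructed.

```python
import re
from urllib.parse import urlsplit

COMMENT = "#"  # assumption: '#' starts a comment line in webtogo.ora

# Constructed sample: internal Mobile Server active, reverse proxy commented.
SAMPLE = """\
[WEBTOGO]
SERVER_URL=HTTP://mobile.corp.example:80/webtogo
#SERVER_URL=HTTP://rproxy.example.com:8080/webtogo
"""

# Matches an active or commented SERVER_URL line; group 1 is the marker.
_DEF = re.compile(r"^\s*(#?)\s*SERVER_URL\s*=\s*(\S+)\s*$", re.IGNORECASE)


def select_server_url(text, host):
    """Leave only the SERVER_URL for `host` active inside [WEBTOGO]."""
    out, section, matched = [], None, 0
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].upper()
        m = _DEF.match(line) if section == "WEBTOGO" else None
        if m:
            url = m.group(2)
            is_target = (urlsplit(url).hostname or "").lower() == host.lower()
            matched += is_target
            # Rewrite the line: active for the target, commented otherwise.
            line = ("" if is_target else COMMENT) + "SERVER_URL=" + url
        out.append(line)
    if matched != 1:
        # Refuse to write a file with no endpoint or an ambiguous one.
        raise ValueError(f"expected one SERVER_URL for {host}, found {matched}")
    return "\n".join(out) + "\n"


def active_server_url(text):
    """Return the single uncommented SERVER_URL; reject zero or several."""
    active = [m.group(2) for m in map(_DEF.match, text.splitlines())
              if m and not m.group(1)]
    if len(active) != 1:
        raise ValueError(f"{len(active)} active SERVER_URL lines")
    return active[0]
```

Run active_server_url on the file before each synchronization to confirm which endpoint the client will contact.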