Unified Access Gateway uses different variables to differentiate between edge services, configured web proxies, and proxy destination URLs.

Proxy Pattern

Unified Access Gateway uses proxy pattern to forward incoming HTTP requests to the right edge service such as Horizon or one of the configured web reverse proxy instances such as VMware Identity Manager.

Each edge service can have a different pattern. For example, the Proxy Pattern for Horizon could be configured as (/|/view-client(.*)|/portal(.*)|/appblast(.*)) and the pattern for VMware Identity Manager could be configured as (/|/SAAS(.*)|/hc(.*)|/web(.*)|/catalog-portal(.*)).

Note:

View does not work with an enabled web reverse proxy when there is an overlap in the proxy pattern.

Proxy Host Pattern

If there are multiple web reverse proxy instances configured, and there is an overlap in Proxy Patterns, Unified Access Gateway uses the Proxy Host Pattern to differentiate between them. Configure Proxy Host Pattern as the FQDN of the reverse proxy.

For example, a host pattern for Sharepoint could be configured as sharepoint.myco.com and a pattern for JIRA could be configured as jira.myco.com.

Host Entries

Configure this field only if Unified Access Gateway is not able to reach the back end server or application. When you add the IP address and hostname of the back end application to the Host Entries, that information is added to the /etc/hosts file of Unified Access Gateway. This field is common across all the edge service settings.

Proxy Destination URL

This is the back end server application URL of the edge service settings for which Unified Access Gateway is the proxy. For example:

  • For View, the connection server URL is the proxy destination URL.

  • For web reverse proxy, the application URL of the configured web reverse proxy is the proxy destination URL.

Single Reverse Proxy Configuration

When Unified Access Gateway receives a single incoming request with a URI, the proxy pattern is used to decide whether to forward the request or drop it.

Multiple Reverse Proxy Configuration

  1. When Unified Access Gateway is configured as a reverse proxy, and an incoming request arrives with a URI path, Unified Access Gateway uses the proxy pattern to match the correct web reverse proxy instance. If there is a match, the matched pattern is used. If there are multiple matches, then the filtering and matching process is repeated in step 2. If there is no match, the request is dropped and a HTTP 404 is sent back to the client.

  2. The proxy host pattern is used to filter the list that was already filtered in step 1. The HOST header is used to filter the request and find the reverse proxy instance. If there is a match, the matched pattern is used. If there are multiple matches, then the filtering and matching process is repeated in step 3.

  3. The first match from the filtered list in step 2 is used. Note that this may not always be the correct web reverse proxy instance. Therefore, ensure that the combination of proxy pattern and proxy host pattern for a web reverse proxy instance is unique if there are multiple reverse proxies setup in a Unified Access Gateway. Also note that the host name of all the configured reverse proxies should resolve to same IP address as the external address of the Unified Access Gateway instance.

See Configure Reverse Proxy for more information and instructions about configuring a reverse proxy.