Using an HTTP-proxy servlet to restrict URLs to external servers

For HCL iNotes® features that send requests either to external servers for external calendar overlays, you must configure an HTTP-proxy servlet to intercept calls and retrieve information from a remote site.

About this task

An HTTP-proxy servlet specifies which sites are allowed and filters out unwanted sites. Then, instead of making a request call to an external server such as a Google server, calls are passed through the HTTP-proxy servlet. If the external server is included as one of the allowed sites in the whitelist rule for proxy servlets in the security policy settings document, then the request is passed on to the external server, and any information received from the external server is also returned.

In HCL Domino® 8.5, the HTTP-proxy servlet was configured by creating a proxy-config.properties file located in the Domino\data\properties directory. This file is no longer supported. Instead, you must create or edit a security settings policy, using the information in this file. Once you have done so, you can delete this file, however leaving it in place will not adversely affect your configuration.

To configure proxies, use a security settings document.

Procedure

  1. From the Domino® Administrator, create or edit a security settings document.
  2. Click the Proxies tab.
  3. Click Edit List.
  4. Enter the following information to create a white-list rule for each site you want to allow.
    Note: If you created a proxy-config.properties file in a previous release, use the information in that file to populate these fields.
    Table 1. Proxies tab fields
    Property Description

    Context

    The path of the request to the proxy server, specifies which proxy the rule is for. Examples include:

    /xsp/proxy/GoogleProxy/
    /xsp/proxy/BasicProxy/

    URL

    Address of the site to which this policy applies.

    This is the target of the proxy.

    Actions

    The set of HTTP actions this policy allows.

    These can be GET, POST, HEAD, PUT, DELETE. The most frequently used are GET and POST.

    Cookies

    Cookies allowed for this site. That is, the cookies that will be passed from the browser to the target URL server.

    Note: Cookies with specified names are always proxied to this site. In addition, any incoming (Set-Cookie response headers) received from the site will also be remembered and eventually sent back on subsequent requests to this site.

    Mime-types

    Content types allowed back from the target server, or use * to allow all.

    Headers

    Headers allowed for this site, or use * to allow all. This attribute determines which headers are forwarded to the target server.

    Note: Cookies are not handled as a standard header. Adding the entry "cookie" in the headers list has no effect.