We have a PCS that has been accessed directly via https. That's OK.
Now, we want to access it via a reverse proxy in front (for additional security reasons) with a DNS entry pointing to the reverse proxy's IP that then forwards to the PCS's real external-facing IP address.
This has been set up, however, it does not load the page correctly, we get the generic Pulse Secure header with a "The page you requested could not be found." message instead of the customised home page.
If I append the /admin at the end of the URL, this works fine and I'm brought to the admin login page.
If I access the PCS directly via it's IP address, this works of course.
When accessing directly, the PCS adds /dana-na/auth/url_<randomstring>/welcome.cgi
When accessing via reverse proxy, this doesn't happen.
Should the reverse proxy forward to a special URL like the /dana-na/auth/url_<randomstring>/welcome.cgi or something else?
I presume this is some kind of rewrite.
I did just notice this KB post: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44291
So I presume it's save to have the full url including the random string as the URL to forward to from the reverse proxy?
Hmm that's a bit of a shame.
In fact, we tried setting it up with forwarding to the full URL with the random string.
It worked for a while.
But now, we get an error with too many redirects...
I'll continue to play around with this. It's a real shame if this isn't supported as I would think it's a pretty common setup when you need further protection / authentication upstream of the PCS.
@tfboy Personally, I have not tried this setup before but if the R.proxy can forward everything (request) and relay the responses back to client, then it would work.