About tfboy

tfboy · ‎02-24-2021

Thanks Zanyterp. Hmm that's a bit of a shame. In fact, we tried setting it up with forwarding to the full URL with the random string. It worked for a while. But now, we get an error with too many redirects... I'll continue to play around with this. It's a real shame if this isn't supported as I would think it's a pretty common setup when you need further protection / authentication upstream of the PCS.

tfboy · ‎02-18-2021

I presume this is some kind of rewrite. I did just notice this KB post: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44291 So I presume it's save to have the full url including the random string as the URL to forward to from the reverse proxy?

tfboy · ‎02-18-2021

We have a PCS that has been accessed directly via https. That's OK. Now, we want to access it via a reverse proxy in front (for additional security reasons) with a DNS entry pointing to the reverse proxy's IP that then forwards to the PCS's real external-facing IP address. This has been set up, however, it does not load the page correctly, we get the generic Pulse Secure header with a " The page you requested could not be found." message instead of the customised home page. If I append the /admin at the end of the URL, this works fine and I'm brought to the admin login page. If I access the PCS directly via it's IP address, this works of course. When accessing directly, the PCS adds /dana-na/auth/url_<randomstring>/welcome.cgi When accessing via reverse proxy, this doesn't happen. Should the reverse proxy forward to a special URL like the /dana-na/auth/url_<randomstring>/welcome.cgi or something else?

Re: PCS behind reverse proxy

Re: PCS behind reverse proxy

PCS behind reverse proxy