Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[WebappSecure/Mykonos] How to configure WebappSecure to protect multiple applications/webservers

0

0

Article ID: KB28842 KB Last Updated: 07 Apr 2014Version: 1.0
Summary:
The KB describes in detail on protecting multiple applications/webservers through WebappSecure (JWAS)
Symptoms:
Need to protect multiple webservers through WebappSecure. For example, this KB describes the steps to add the webservers called “webappsecure.com” and “server.com”, both are hosted on different ip addresses.
Cause:

Solution:
WebappSecure can be configured to protect multiple backend applications/webservers, below are the steps in details that can walk us through the procedure:

1. On the WebappSecure WebUI, go to Configuration -->Applications and click on “Add New Application” to create a new application


2. Run the wizard by providing the required information in Step1

3. In Step2, select the drop down under “suggestions” and select the appropriate regex template, below example shows that the second in list has been chosen as highlighted. Click on “Use Suggestion” tab to have the Host Regex field filled automatically.


4. Modify the Host Regex to match the webserver or application name, below screenshot shows an example for the webserver “webappsecure.com”


5. In step3, change the number of backend servers to 1 and click next

6. In Step4, configure the backend webserver details like port information, ip address etc and complete the wizard

7. Similarly add another application ie., another webserver that needs to be protected

8. Finally, the application page will look like this


9. Looking at individual applications, we can see that the regex matches specifically to the webserver domain




10. Make a change in DNS server (or the load balancer depending on network topology)  to map the webservers names to resolve to webappsecure ip address. To validate, ping each of the backendserver name and the response should come from JWAS (WebappSecure) IP address. Below screnshot shows that ping to www.server.com and www.webappsecure.com has the response coming from JWAS IP 172.22.151.88




11. Perform a quick test by accessing URLs like http://www.server.com/.htpasswd and http://www.webappsecure.com/.htaccess and notice that the incidents are triggered on dashboard. As soon the user gets the fake .htaccess and .htpasswd file, it indicates that the webservers are being reverse proxied by JWAS, ie. being protected by JWAS.


12. Open the individual incidents and look at the incident details and the URL which triggered the incident, this shows that both the webservers which are hosted on diferent ip addresses are being protected by JWAS




NOTE:
- Define global backend to ensure that any requests without the “host” header and / or that go to the bare IP will be serviced.
- Make sure to configure the host regex correctly for the application so that right website is serviced and proxied

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search