BEA and firewall issues


General J2EE: BEA and firewall issues

  1. BEA and firewall issues (1 messages)


    I am using BEA WebLogic 6.0, using JSPs, Servlets and EJBs. My configuration will consist of:

    Outer Firewall-->Apache WebServer--Inner Firewall-->BEA 6.0

    I have a BEA WebLogic plug-in for Apache installed on the Apache Web Server which will redirect requests to the JSPs and Servlets on the BEA WebLogic server inside the inner firewall.

    So my questions:

    1) What protocol does BEA use between the Apache Web Server(with BEA plug-in) and the WebLogic Server - I expect it's a TCP/IP based protocol, but does it have a name?

    2) What firewall ports will have to be opened on the inner firewall to allow this traffic to pass through? Do we only need to open one port and is it determined at design-time (as opposed to dynamically at runtime)?

    3) Finally, does BEA provide any proxy software that will sit on the inner firewall in order to examine the "proprietary" traffic that is passing through? Or perhaps there are 3rd party proxies to help with this security issue?

    4)I would not be comfortable opening up ports on the inner firewall without having some mechanism to examine the TCP/IP packets in detail - do you agree?

    All thoughts greatly appreciated



    Threaded Messages (1)

  2. BEA and firewall issues[ Go to top ]

    Hi Paddy,

    Have you considered using Apache in its proxy mode and not using whatever plugin that is available from WebLogic. This would mean that you can pass standard HTTP traffic from the webserver to the appserver.

    Only downside is that I suspect the performance may not be as good as the weblogic plugin since it will probably use some protocol that transfers a compressed binary representation of the app server generated information whereas the Apache Proxy will simply pass standard uncompressed HTTP from the appserver back to the webserver.

    But the big advantage is that you are only opening the standard port 80 all the way through and you can stick an ethernet sniffer on either side of the firewall to look at the HTTP requests if you are into that kind of thing.

    BTW, you can setup Apache to do caching of static content as it is proxying so your gifs and static HTML pages are cached at the webserver.

    If this is new info drop me a line and I can give you more detail.

    pj. [pj_boyle at hotmail dot com]