Cloud Access Manager 8.1.4 - Security and Best Practice Guide

Folder-to-root mapping

With a folder-to-root mapping the public URL includes a path component, for example:

Public URL Private URL
https://www.acme.com/erp https://erp.acme.prod.local

Folder-to-root mappings allow you to multiplex several applications with a single external hostname, for example:

Public URL Private URL

https://www.acme.com/erp

https://erp.acme.prod.local

https://www.acme.com/mail

https://owa.acme.prod.local

https://www.acme.com/payroll

https://payroll.acme.secure.net

Root-to-root mapping

Root-to-root mappings associate a single dedicated public URL hostname with a corresponding private URL hostname, for example:

Public URL Private URL

https://erp.webapps.acme.com

https://erp.acme.prod.local

https://mail.webapps.acme.com

https://owa.acme.prod.local

https:// payroll.webapps.acme.com

https://payroll.acme.secure.net

Choosing the best mapping strategy

An advantage to using folder-to-root mappings is that the Secure Sockets Layer (SSL) certificate that authenticates the public server can cover all web applications with a single hostname. Using folder-to-root mappings is less expensive than root-to-root mappings, this is because an SSL certificate that authenticates a single hostname is generally cheaper than one which protects multiple hostnames.

However, use of folder-to-root mappings is not recommended for complex web sites, particularly those which rely heavily on client-side scripting to generate dynamic content. When using the folder-to-root approach, the proxy must rewrite relative URLs embedded in the content body, and if an embedded URL is built dynamically by the application, the proxy may need special rules (filters) to rewrite it correctly.

Rewriting relative URLs using folder-to-root

Private URL https://erp.acme.prod.local Public URL https://www.acme.com/erp

/images/home.jp

/erp/images/home.jpg

../scripts/login.js

../erp/scripts/login.js

reports/salesfigures2014.pdf

erp/reports/salesfigures2014.pdf

this.href.location = '/register.aspx';

this.href.location = '/erp/register.aspx';

Related Documents