Passing the requests from app instead of requestor
We have a REST service that gets data from our internal app server (live-app) and we have a reverse proxy (pega-app) our reverse proxy doesn't use VPN but to access internal app server, users need to be on VPN.
while being on reverse proxy (non-VPN) users make call to internal app server via REST service and it fails, is there a way to route this request like requestor <-> reverse proxy <-> internal app instead of requestor <-> internal app.
Pegasystems Inc.
AU
Ensure your requestors (users?) are always using the address of the reverse proxy. If the reverse proxy is permitted access to the internal app, and all users are able to access the reverse proxy then all users requests should be proxied through to the internal app.
In what way does the REST service fail?
If the content returned from the internal app through the reverse proxy includes URLs that are addressed directly to the internal app, and these are the ones "failing" because they expect a non-VPN requestor to go direct to the internal app. One of the reverse proxy's responsibilities is to rewrite these URLs so that the requestor sees URLs that point to the reverse proxy, even if they are generated by the app as 'internal' URLs. If this is the cause of the failure, then that is a misconfiguration of the reverse proxy.
There is also the ability to configure how Pega URLs appear publicly in use cases where the full absolute URL is to be used, such as including links to Pega in email correspondence: https://community.pega.com/knowledgebase/articles/system-administration/85/configuring-public-link-url
You could consider configuring this to reference your reverse proxy URL, however this will mean all channels that trigger responses using this feature will point to the reverse proxy, even where you may prefer/require direct access between the requestor and the internal app.
Ensure your requestors (users?) are always using the address of the reverse proxy. If the reverse proxy is permitted access to the internal app, and all users are able to access the reverse proxy then all users requests should be proxied through to the internal app.
In what way does the REST service fail?
If the content returned from the internal app through the reverse proxy includes URLs that are addressed directly to the internal app, and these are the ones "failing" because they expect a non-VPN requestor to go direct to the internal app. One of the reverse proxy's responsibilities is to rewrite these URLs so that the requestor sees URLs that point to the reverse proxy, even if they are generated by the app as 'internal' URLs. If this is the cause of the failure, then that is a misconfiguration of the reverse proxy.
There is also the ability to configure how Pega URLs appear publicly in use cases where the full absolute URL is to be used, such as including links to Pega in email correspondence: https://community.pega.com/knowledgebase/articles/system-administration/85/configuring-public-link-url
You could consider configuring this to reference your reverse proxy URL, however this will mean all channels that trigger responses using this feature will point to the reverse proxy, even where you may prefer/require direct access between the requestor and the internal app.
This is why ensuring the reverse proxy is performing the URL rewriting is the best place to resolve this issue (assuming that is the problem).