Set IIS forward proxy for iraware.com

    Introduction

    Epicode’s cloud licensing server is accessible at www.iraware.com

    All server instances running Epicode’s software will need to allow access to the above URL(or static IP: 3.214.113.223) on TCP port 443.

    In cases where customer infosec policies do not allow each server to access the Epicode licensing server, one can setup a HTTP Forward Proxy on a web server within the network and route the license requests via that. In this case, only the proxy server will need to have access to Epicode licensing server.

    Note that the feature of using a proxy to licensing server is only supported in iradialer version 1.3.8 and above. The configuration change to be done on the iradialer/iracpa server is mentioned below.
    This document explains the process of setting up HTTP forward proxy on IIS.

    Prerequisites

    Once the above IIS modules are installed, the same should be visible in the Home page in the IIS Manager as highlighted in the image below.

    Create PowerShell script

    Create a powershell script configure_iraware_proxy.ps1 in a suitable location. Open it with Notepad or any text editor and copy the content below to it.


    Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.webServer/proxy" -name "enabled" -value "True"
    $site = "iis:\sites\Default Web Site"
    $filterRoot = "system.webServer/rewrite/rules/rule[@name='epicode$_']"
    Clear-WebConfiguration -pspath $site -filter $filterRoot
    Add-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules" -name "." -value @{name='epicode' + $_ ;patternSyntax='Regular Expressions';stopProcessing='True'}
    Set-WebConfigurationProperty -pspath $site -filter "$filterRoot/match" -name "url" -value "iralic/(.*)"
    Set-WebConfigurationProperty -pspath $site -filter "$filterRoot/conditions" -name "logicalGrouping" -value "MatchAll"
    Set-WebConfigurationProperty -pspath $site -filter "$filterRoot/action" -name "type" -value "Rewrite"
    Set-WebConfigurationProperty -pspath $site -filter "$filterRoot/action" -name "url" -value "https://www.iraware.com/{R:1}"


    The above script tells IIS to act as a proxy for all HTTP and HTTPS requests where the URL path starts with “iralic/” and forward the request and it’s payload to https://www.iraware.com.

    Run PowerShell script

    Open an Administrative PowerShell and change the directory to where the previous file was created.

    Run the command below to set the Execution Policy to RemoteSigned for the current powershell window so that we can run the script created earlier. Enter “Y” when prompted.

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process

    Now we are ready to run the configure_iraware_proxy.ps1 script. If the file is located in D:\Epi, the execution command will look as follows:

    PS D:\Epi> .\configure_iraware_proxy.ps1

    In order to confirm the successful installation, open IIS Manager and Click on Sites -> Default Web Site. Double click on “URL Rewrite” and you should see a rule named “epicode” added.

    Config change on iradialer/iracpa server

    Open the IraPass configuration file and add the attribute proxy_url to the xml tag common_settings. The file path is as below:

    Debian

    /opt/epi/conf/txpass.xml

    Windows

    C:\Program Files\EpiCode\IraDialer\IraPass.xml

    The value of the new attribute proxy_url will be the url to reach IIS the server/s where you ran the above mentioned steps to create a URL Rewrite rule. The url scheme will be http or https depending on whether or not you have installed a certificate on IIS. Append /iralic/license to the base URL.

    Example URL: https://your.domain.com/iralic/license

    File change example

    <?xml version="1.0"?>
    <!DOCTYPE TxIVR SYSTEM "TxPass.conf.dtd">
    <configuration name="TxPass">
      <common_settings home_directory="d:\epiinstall" redis_cred_filename="d:\epiinstall\conf\redis.json" service_role="TxPass" log_level="4" proxy_url="https://your.domain.com/iralic/license">
        <subscription destination="IraCpa" table="100_LicenseIssued" dest_type="id"/>
        <subscription destination="mod_iradialer" table="100_LicenseIssued" dest_type="id"/>
    </common_settings>
    </configuration>

    Save the changes and restart irapass service for the configuration change to take effect. On Windows, go to “Services”, search for IraPass and restart it. On Debian, run the command below.

    sudo service irapass restart

    Published