Set up services for an application

These configurations of services for your application are optional and include:

  • Compression. By default Enterprise Application Access compresses all traffic. To disable data compression services, deselect the box.

  • Use control traffic shortcut in application card to configure Access control rules. Add a layer of security that regulates who can view your domain's content.

  • URL rewrite services. Improve site delivery and optimize the content from your applications.

  • Internet Content Adaptation Protocol (ICAP) services. Service Chaining with Internet Content Adaptation Protocol (ICAP).

  • URL path-based services. When applications have specific URL paths that must be treated differently from URL paths to the main application, use URL path-based rules to enable or disable authentication or redirect to a different group of servers.

  1. Log in to the EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Settings, and select SERVICES.

  4. Complete the service configurations.

  5. Click Save and Deploy.

  6. Deploy the application.

Compression

Disable default traffic compression. By default, all traffic is compressed but you can disable data compression on an application.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Settings, and select SERVICES.

  4. Deselect Compression.

  5. Click Save and go to Advanced Settings.

  6. If there are no changes in ADVANCED SETTINGS, click Save and go to Deployment.

  7. Deploy the application.

Use control traffic shortcut in application card to configure access control rules

Add access control rules to application using control traffic shortcut on application card.

To use a shortcut to configure Access control rules for your application, click Control Traffic on the application card.

  1. Log in to the EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Control traffic.
    The access control rules page for the application opens.

  4. Create and edit access control rules.

  5. Click Save and go to Deployment.

  6. Deploy the application.

URL rewrite services

In Enterprise Application Access you can configure URL rewrite rules globally, or by type. Global rewrite rules may apply to all content types and make a general correction to the URL strings. If you use an ‚ÄčAkamai‚Äč domain as the external hostname for an application with absolute URLs, a global rule to rewrite the internal application name to the external application name delivers ease of use content rewriting.

URL rewriting improves site delivery by optimizing the content from your applications. In Enterprise Application Access URL rewrite rules are often necessary when internal and external hostnames for an application differ. For example, some links may try to serve content from the intranet to external users. In this case, the link fails and the application does not serve content. Once the URL path is rewritten, the link goes to the external site and is able to serve the content.

The below table describes five rewrite type options available that apply to either the response or the request to help fix broken links.

Content typeDescription
Content rewriteThe internal path is in the original string and the external path is in the replacement string. Here Enterprise Application Access looks at the response packet to rewrite.
Post body rewriteThere is a body to content that is uploaded and posted in formats such as JSON, XML, or others. For post body rewrite, content is rewritten on its way back to the user from the server. The original string contains the external path and the replacement string contains the internal path. Here Enterprise Application Access looks at the request packet to rewrite.
Query body rewriteA user may use the external path to write content. Here Enterprise Application Access looks at the request packet to rewrite.
Location rewriteHere EAA Client looks at the response packet to rewrite.
Cookie rewriteThis is an uncommon case. Cookies are usually used to maintain the state of the application. If user is unexpectedly logged out of a session, a cookie rewrite rule may help. In this case, the original string carries the internal path and the replacement string carries the external path.

Rewrite groups allow you to apply rewrite rules across distinct applications that are related to one another.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Settings, and select SERVICES.

  4. Enable Services > Rewrite.

  5. Click Add Rule.

  6. Enter a name for the rule and click Create Rule and Configure.

  7. Click Edit Rule for the new rule you added. Complete the rewrite attribute fields.

  8. Click Save Rule.
    To delete the rule, you can click the Delete rule to remove it.

  9. Click Save and go for Deployment.

  10. Deploy the application.

Internet Content Adaptation Protocol (ICAP) services

The Internet Content Adaptation Protocol (ICAP) is designed to offload the processing of Internet-based content to dedicated servers. ICAP helps free up resources and standardize how features are implemented. ICAP is a lightweight protocol for executing a remote procedure call on HTTP messages. It allows ICAP clients to pass HTTP messages to ICAP servers. Enterprise Application Access (EAA) allows administrators to do service chaining with existing, co-located security appliances that support ICAP protocol for further processing of files being sent to and from users. Examples of ICAP servers includes enterprise antivirus appliance, IPS/IDS service, and others.

The ICAP configuration fields are:

  • Service Name. Enter a descriptive name for the service.

  • Host. Enter the host or IP address of the co-located ICAP server to leverage with the Enterprise Application Access Cloud service. This field is optional.

  • Port. Enter the port number used by the ICAP server. The default entry is 1344.

  • Health Check. To turn health checks on the ICAP server off, select OFF from the menu. To turn health checks for the ICAP server on, select either the ICAP protocol or TCP protocol. If you select TCP, health checks run using a TCP-only protocol.

  • HTTP methods. Depending on the application the HTTP method may determine the directionality of the file transfer. For example, a POST may correspond to a file upload and a GET may correspond to the file download. Select the methods to specify the direction for file transfers to forward to the ICAP server for further processing. By default POST is selected.

  • Secure ICAP. Select this option to use the secure version of the ICAP protocol with the EAA connector. This is optional.

  • Max File Size. Enter the maximum file size, in megabytes, that should be sent to the ICAP server for processing. By default, this is set to 500 MB.

  • Exceeds Max File Size. If the file exceeds the maximum file size, select either Deny to reject the file transfer or Ignore to forward the transfer request to the application server without any further processing. By default, this is set to Deny.

Configure Internet Content Adaptation Protocol (ICAP) for an application.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Settings, and select SERVICES.

  4. Enable ICAP, and click Configure Policy.
    Configure ICAP appears.

  5. Complete the ICAP configuration fields as necessary.

  6. Click Save and Back to Configure Services.

  7. Click Save and got to Deployment.

URL path-based services

Applications may have one or more origin servers from which they serve content. These servers can be configured to handle a URL path and allow customers to specify a set of servers for each URL path. When applications have specific URL paths that must be treated differently from URL paths to the main application, use URL path-based rules to enable or disable authentication or redirect to a different group of servers. For example, if your application has a special content page located at http://myapp.com/content that is served from a different server than what the main application is served from, and requires no authentication, you can disable authentication to this URL path and redirect to a separate server group for just the /content URL path.

In Enterprise Application Access URL path-based policies are an advanced configuration setting. Your rule can specify a load balancing group, configure server load balancing, and health check configuration attributes. Configuring URL paths in Enterprise Application Access helps to meet the configuration requirements of the applications themselves. If you do not define URL path-based rules, Enterprise Application Access default is to the main server set given in the application configuration.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Settings, and select SERVICES.

  4. Enable URL path-based policies.

  5. Select Configure Rules >Add Rule.

  6. Enter a name for the rule and a URL path.

  7. Click Create Rule and Configure.

  8. Enter the IP address of the server to redirect traffic to.

  9. Click Additional Attributes.
    Server load balancing and health check configuration attribute fields appear.

  10. Complete the server load balancing settings.
    Make sure the health check configuration information is correct.

  11. Click Save Rule > Back to Configure Services > Save.

  12. Deploy the application.


Did this page help you?