Configure the network settings if your DTP infrastructure is deployed to an environment using forward and/or reverse proxies or if a cross-origin resource sharing (CORS) policy is enforced. Forward and reverse proxy servers are commonly used to cache static or frequently-requested files to improve performance. CORS defines which cross-origin request are allowed to improve network security.
Choose Settings from the gear icon menu in Extension Designer or Policy Center and choose Network Settings from the Administration sidebar.
Cross-origin Resource Sharing Configuration
Specify a comma separated list of fully-qualified domain names in the Whitelist field to manually enable network access to DTP Enterprise Pack from different domains.
Cross-origin Resource Sharing (CORS) is a specification for allowing modern web browsers to circumvent the "same-origin policy" and share resources across domains. The same-origin policy is a security mechanism that protects users from malicious content by requiring browser requests to a website to go through the same domain serving the website. Because DTP Enterprise Pack is designed to be an integration point in the Parasoft ecosystem, CORS whitelist functionality has been exposed to allow for 3rd party integrations with DTP Enterprise Pack.
The CORS whitelist can be used to:
- Configure network aliases when DTP Enterprise Pack is running on a machine with multiple hostnames.
- Configure hostnames for 3rd party websites/intranet pages that integrate with DTP Enterprise Pack.
- Configure reverse proxy/load balancer hostnames when DTP Enterprise Pack is behind a complex network configuration (see Reverse Proxy). Reverse proxy settings should be used for end-to-end reverse proxy support, when the reverse proxy settings are used the hostname is automatically added to the whitelist and does not need to be configured manually.
The whitelist should be a comma separated list of hostnames (or origins) that are allowed to make cross-origin requests to DTP Enterprise Pack. You should provide a hostname, fully-qualified domain name, or IP address. Do not include the protocol or port.
Click Save when finished.
Enable the Enable forward proxy option and specify the hostname and port of the proxy server. If the proxy server requires authentication, a username and password can be configured to authenticate with the proxy server.
Enabling the proxy server sends all HTTP(S) requests through the proxy.
- You can specify a list of hostnames, fully-qualified domain names, and/or IP addresses in the No Proxy Hosts field to avoid using the proxy for all HTTP(S) requests to those hosts.
- Click Save when finished.
Enable the Enable reverse proxy option and specify the reverse proxy server settings and click Save.
Reverse proxies are sometimes used to ensure high availability or strengthen network security. The network administrator configures the reverse proxy server to forward user requests to where the applications are hosted. The following diagram shows the basic reverse proxy flow.
Example Reverse Proxy Configuration
Different reverse proxy servers have different implementations. The following example shows how a reverse proxy may be configured on nginx.
In this example,
server listen is configured to port
9443. These ports are configured to forward traffic to DTP, Extension Designer, and Policy Center, respectively, with the
Reverse Proxy Support for WebSockets
See the following documentation to configure your reverse proxy server for WebSockets communication: http://nginx.org/en/docs/http/websocket.html