HTTP Proxy Support

MediationZone can be configured to route outgoing HTTP traffic through an HTTP proxy. This is commonly required in networking environments where the execution context has limited access to the internet. Proxy configuration has to be performed on each Execution Context (EC) that is required to route HTTP traffic through a proxy.

Proxy support is available for:

  • HTTP APL functions

  • HTTP Batch agent

  • GCP PubSub Subscriber agent

  • GCP PubSub Publisher agent

  • GCP BigQuery agent

  • HTTP/2 Client agent

  • Salesforce Streaming agent

Configuring Proxy Support

Standard Java system properties are used to configure MediationZone to route HTTP traffic through an HTTP proxy. These properties must be configured at the Execution Context (EC) level for all execution contexts. Refer to proxy properties here: https://infozone.atlassian.net/wiki/spaces/MD9/pages/4866484.

At least one of these properties has to be set to use an HTTP proxy:

  • http.proxyHost

  • https.proxyHost

It is often necessary to provide a list of destinations that should not be routed through the proxy. This list can be configured using the proxy property http.nonProxyHosts. Note that this property, despite the name, applies to both http and https traffic.

Currently, only HTTP/1.1 has been verified to route through an HTTP proxy.

Authenticating the Proxy

MediationZone supports basic authentication to an HTTP proxy. The username and password are configured using system properties. Refer to the proxy properties here: https://infozone.atlassian.net/wiki/spaces/MD9/pages/4866484.

Some JDK versions support system properties that disable certain proxy authentication schemes. Two system properties control this:

  • jdk.http.auth.proxying.disabledSchemes – for HTTP traffic

  • jdk.http.auth.tunneling.disabledSchemes – for HTTPS traffic

These properties contain a list of authentication schemes that are disabled. In particular, some JDK versions default jdk.http.auth.tunneling.disabledSchemes to "Basic", which has the effect of disabling basic authentication by default. To use basic authentication, you may need to set one or both of these system properties so that they do not include "Basic". See the example configuration below.

Example Configuration

Here is an example of how to configure the system properties to use an HTTP Proxy.

Use the following command to edit the system properties.

mzsh topo open ec1

config {
    classpath {}
    jvmargs {
        args=[]
        maxMetaspace=[
            "-XX:MaxMetaspaceSize=196M"
        ]
    }
    properties {
        mz.webserver.xframeoptions=DENY
        pico.groups=""
        ec.backlog.dir="/Users/mzadmin/mz9/mz9HttpProxy/tmp"
        ec.webserver.port=9090
        http.proxyHost=192.168.205.4
        http.proxyPort=3128
        https.proxyHost=192.168.205.4
        https.proxyPort=3128
        http.proxyUser=test
        http.proxyPassword=DR-4-D999C75BC7A3C4AF1B4DAA7F134EEED9
        https.proxyUser=test
        https.proxyPassword=DR-4-D999C75BC7A3C4AF1B4DAA7F134EEED9
        http.nonProxyHosts="localhost|*.foo.com"
        jdk.http.auth.proxying.disabledSchemes=""
        jdk.http.auth.tunneling.disabledSchemes=""
    }
    vendor-jvmargs {
        hp {}
        sun {}
    }
}
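To review an EC's proxy settings before deployment, the following added example (not MediationZone code) audits a properties block for the conditions described in this chapter: a proxy host being set, "Basic" being disabled while a proxy user is configured, and which destinations http.nonProxyHosts sends around the proxy. The function names are hypothetical, the sample values are constructed, and the pattern matching is an approximation of the JDK's "|"-separated wildcard rules.

```python
import re

# Constructed sample modelled on the example EC properties; the tunneling
# value is set to "Basic" here on purpose so the audit has something to report.
SAMPLE = """
http.proxyHost=192.168.205.4
http.proxyPort=3128
https.proxyHost=192.168.205.4
https.proxyPort=3128
http.proxyUser=test
https.proxyUser=test
http.nonProxyHosts="localhost|*.foo.com"
jdk.http.auth.proxying.disabledSchemes=""
jdk.http.auth.tunneling.disabledSchemes="Basic"
"""

def parse_props(text):
    """Parse key=value lines, stripping optional surrounding double quotes."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            props[key.strip()] = value.strip().strip('"')
    return props

def bypasses_proxy(host, props):
    """True if host matches http.nonProxyHosts (used for http and https alike)."""
    # Assumption: '*' is a wildcard, everything else is literal, case-insensitive.
    for pat in filter(None, props.get("http.nonProxyHosts", "").split("|")):
        regex = re.escape(pat.strip().lower()).replace(r"\*", ".*")
        if re.fullmatch(regex, host.lower()):
            return True
    return False

def audit(props):
    """Return findings for explicitly set values that conflict with proxy use."""
    findings = []
    if not (props.get("http.proxyHost") or props.get("https.proxyHost")):
        findings.append("no proxyHost set: traffic is not routed through a proxy")
    for scheme, prop in (("http", "jdk.http.auth.proxying.disabledSchemes"),
                         ("https", "jdk.http.auth.tunneling.disabledSchemes")):
        # Only explicit values are visible here; an unset property falls back to the JDK default.
        disabled = [s.strip().lower() for s in props.get(prop, "").split(",")]
        if props.get(scheme + ".proxyUser") and "basic" in disabled:
            findings.append(f"{prop} lists Basic: basic authentication is disabled for {scheme}")
    return findings
```

Every host for which bypasses_proxy returns True is reached directly rather than through the proxy, so the http.nonProxyHosts list deserves the same review as any other egress exception.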