Configuring Proxy Connections

You can configure the connector to connect through an HTTP or SOCKS proxy server instead of connecting directly to the Database service. When connecting through a proxy server, the connector supports basic authentication and NTLM authentication.

You provide the configuration information to the connector in the connection URL. For more information about the syntax of the connection URL, see Building the Connection URLsee Building the Connection URL on page 1.

Important:

If you are connecting to Database through a proxy server, make sure that the proxy server does not block port 444. The result set streaming API uses port 444 on the Database server for outbound communications. For more information, see UseResultsetStreaming.

To configure an HTTP proxy connection:

Set the UseProxy property to 1.
Set the ProxyHost property to the IP address or host name of your proxy server.
Set the ProxyPort property to the number of the TCP port that the proxy server uses to listen for client connections.
Optionally, to connect to certain hosts directly even when a proxy connection has been configured, set the NonProxyHosts property to a list of the hosts that you want to connect to directly.

When specifying multiple hosts, each host must be separated by a pipe (|). You can specify patterns using asterisks (*) as wildcard characters. For example:

NonProxyHosts=123.255.321.255|*.localhost|176.255.16.*

If the proxy server requires authentication, do the following:
1. Set the ProxyAuth property to 1.
2. Set the ProxyUID property to your user name for accessing the server.
3. Set the ProxyPWD property to your password for accessing the server.
4. To configure the connector to use the NTLM protocol, do the following:
  1. Set the ProxyDomain property to the Windows domain name of the server.
  2. Set the ProxyWorkstation property to the Windows workstation name of the server.
5. To pre-emptively authenticate against the proxy server using basic authentication, set the PreemptiveBasicProxyAuth property to 1.

For example, the following connection URL uses an HTTP proxy server with authentication:

jdbc:database://192.168.203.141:8080;UseProxy=1;ProxyHost=192.168.55.3;ProxyPort=189;ProyAuth=1;ProxyUID=skroob;ProxyPWD=12345

To configure a SOCKS proxy connection:

Set the UseProxy and ProxyType properties to 1.
Set the ProxyHost property to the IP address or host name of your proxy server.
Set the ProxyPort property to the number of the TCP port that the proxy server uses to listen for client connections.

For example, the following connection URL uses a SOCKS proxy server with authentication:

jdbc:database://192.168.203.123:8080;UseProxy=1;ProxyType=1;ProxyHost=localhost;ProxyPort=8754

If the proxy server is configured to intercept SSL-encrypted connections, then in addition to setting the connection properties described above, you must also create a keystore containing the root certificate from the proxy server.

To create a keystore for SSL interception:

From the proxy server, export the root certificate as a .cer file.
On your client machine, use the Java Keytool to create a keystore containing the exported root certificate:
1. In a command-line interface, type the following command, and then press ENTER:
2. When you are prompted to provide a password, type a password for restricting access to the keystore and then press ENTER.
3. When you are prompted to confirm your choices, type y and then press ENTER.
Set the following Java system properties:

javax.net.ssl.trustStore = [KeystorePath]

javax.net.ssl.trustStorePassword = [KeystorePassword]

Where:

[KeystorePath] is the full path and name of the keystore containing the exported root certificate.
[KeystorePassword] is the password for accessing the keystore.

Configuring the Product
Proxy Configuration Options
Proxy Configuration Options
Driver Configuration Options on page 1

Configuring Proxy Connections

Related articles

Was this article helpful?