Help

system-wide proxy on iPads

Go to solution
blackholemac
Valued Contributor III

Posted on ‎02-26-2015 10:32 AM

Since the beginning of the year, we have implemented a Global (formerly called system-wide) proxy via a Casper config profile to our 1 to 1 iPads to provide the necessary government-mandated content filtering for students in K-12. The proxy works well in terms of app and content filtering, but now that we are rolling it out more widely, I am noticing something that is making my job a bit more troublesome. All the devices are reporting the address of our proxy server as their IP address in inventory.

When I think about it, that likely makes sense, but I need to see the real device IP addresses and not the proxy IP. Is there any kind of config I can do on the JSS (or Tomcat or MySQL) to help me get the actual IP address of the device? We are using Casper 9.65 running on Windows Server 2008R2. We use LightSpeed as our content filter.

Thank anyone for advice in advance,
blackholemac

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎02-26-2015 02:07 PM

Could you add the JSS as a proxy exception so the iPads go direct?

There's an option in the JSS tomcat settings under load balancing:

"Enable Remote IP Valve
Ensure that the JSS resolves originating IP addresses instead of apparent client IP addresses when behind a load balancer"

I've used this a couple of times when there are multiple tomcat servers behind a load balancer to ensure the clients IP address gets reported, rather than the load balancer IP.

I suppose in this case the proxy is behaving a bit like a load balancer from the JSS's perspective.

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎02-26-2015 02:07 PM

Could you add the JSS as a proxy exception so the iPads go direct?

There's an option in the JSS tomcat settings under load balancing:

"Enable Remote IP Valve
Ensure that the JSS resolves originating IP addresses instead of apparent client IP addresses when behind a load balancer"

I've used this a couple of times when there are multiple tomcat servers behind a load balancer to ensure the clients IP address gets reported, rather than the load balancer IP.

I suppose in this case the proxy is behaving a bit like a load balancer from the JSS's perspective.

0 Kudos

Go to solution
blackholemac
Valued Contributor III

Posted on ‎02-27-2015 10:04 AM

Enabling Remote Valve worked for now. We had been using the proxy for months previously. I hadn't encountered this until I was churning through the JSS yesterday and noticed a highly unusual amount of devices with the same IP. Checked and that was our proxy port!! I had updated to 9.65 of Casper recently and noticed it after that. Turning on Remote Valve works though. I

I only wonder if that is going to muck things up if we ever need to upscale to load balancing...it is a possibility with our org's growth. If anyone has thoughts on that, I welcome them.

Kind regards,
blackholemac

0 Kudos