Jun 12, 2014
 

In the first place, a distinction needs to be made between forward proxies and reverse proxies.

Forward proxies and reverse proxies

A forward proxy is used to give internet access to computers that are connected to an intranet and have no direct internet access.

By contrast, a reverse proxy (or gateway) is used to give computers connected to the internet access to servers that are connected to an intranet and have no direct internet access.

The figure below tries to represent the difference between both types of proxies:

 

[Figure: forward-reverse-proxies]

A forward proxy receives requests for internet pages from clients (browsers) connected to the intranet. The forward proxy is not transparent, because the clients need to be explicitly configured to send their requests through the proxy.

On receiving a request from a client, the forward proxy sends the request to the destination server, retrieves the response and delivers it to the client that made the request.

On the other hand, a reverse proxy is used to give access to servers that are not directly reachable by means of an internet address. The reverse proxy impersonates the destination server by associating, in DNS, the internet hostname of the destination server with its own IP address. On receiving requests from clients, the reverse proxy sends them to the destination server, retrieves the response and delivers it to the client that made the request. Additionally, the reverse proxy may need to modify the URLs that appear in the retrieved HTML code or in the HTTP headers.

Configuring the proxy

For the proxy service to work as expected, we must make sure that the required modules are available and have been enabled:

  • mod_proxy
  • mod_proxy_http
  • mod_proxy_connect (required for SSL connections, i.e., requests for URLs using secure HTTP: https://…)
  • mod_proxy_ftp (for FTP connections)

Forward Proxy

The basic configuration of a forward proxy is done by adding the following directives to the configuration file of the Apache web server:

“ProxyRequests On” allows the reception of proxied requests.

The rest of the directives in the sample configuration are used to restrict access to the proxy. It is strongly advisable to set up this kind of restriction, or alternatively to restrict access to the server by requiring authentication with a username and password. Otherwise the server becomes an “Open Proxy”, which can (and will) be used by any computer connected to the internet.

Using non-default ports

The configuration example above uses the default HTTP port 80. We can specify a different port for the proxy service by enclosing the proxy configuration inside a VirtualHost (and adding a “Listen” directive to tell Apache to listen for incoming requests on that port). For instance, the following configuration could be used to make the proxy service available on port 50099:

Reverse Proxy

The basic configuration of a reverse proxy is done by adding the following directives to the Apache configuration file:

The ProxyPass directive specifies the changes that the proxy should perform on incoming requests. In the example, requests starting with “/foo” will be sent to the destination server “internal.example.com”, replacing “/foo” with “/bar”.

In the same way, the ProxyPassReverse directive specifies the changes that the proxy should perform in the HTTP response headers received from the internal server, before forwarding the response to the client. Specifically, the proxy server edits the headers “Location”, “Content-Location” and “URI”. In the example configuration above, occurrences of “/bar” in these headers will be replaced with “/foo”.
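
The forward proxy (access-restricted, on port 50099) and the reverse proxy described above, written out as an added example in Apache 2.4 syntax; this is not the article's original configuration. The client range 192.168.1.0/24, the ServerName www.example.com and the http:// scheme for the internal server are assumptions.

```apache
# Added example, Apache 2.4 syntax. Not the article's original configuration.
# Assumes mod_proxy, mod_proxy_http and mod_proxy_connect are loaded.

# --- Forward proxy on a non-default port ---
Listen 50099
<VirtualHost *:50099>
    # Accept forward-proxy requests on this virtual host only
    ProxyRequests On

    # Access restriction: without it the server is an open proxy.
    # 192.168.1.0/24 is a constructed intranet range (assumption).
    <Proxy "*">
        Require ip 192.168.1.0/24
    </Proxy>

    # Limit CONNECT tunnels (https://...) to port 443
    AllowCONNECT 443
</VirtualHost>

# --- Reverse proxy ---
<VirtualHost *:80>
    # Hypothetical public hostname that DNS points at this proxy
    ServerName www.example.com

    # A reverse proxy does not need forward proxying; keep it off
    ProxyRequests Off

    # Requests for /foo... go to internal.example.com as /bar...
    ProxyPass        "/foo" "http://internal.example.com/bar"
    # Location, Content-Location and URI response headers are
    # rewritten from the internal /bar form back to /foo
    ProxyPassReverse "/foo" "http://internal.example.com/bar"
</VirtualHost>
```

After reloading, a request to port 50099 from an address outside the allowed range should be answered with 403 Forbidden; if it is served, the proxy is still open.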

 Posted by at 6:41 pm
