Which exposes internal servers deprived of an inverted proxy?


Which exposes internal servers deprived of an inverted proxy?

In this tutorial, let’s explain how to include the content of different websites in the main website via the reverse proxy.

Reverse proxy

A proxy server is an intermediate server that transfers content requests from multiple clients to different servers on the Internet.

An inverse proxy server is a type of proxy server that is usually found behind the firewall in a private network and directs customer requests to the appropriate main server. A reverse proxy provides an additional level of abstraction and control to ensure the flow of network traffic between customers and servers.

  • Load balancing – An inverse proxy server can act as a load balancing device in front of your main servers and distribute customer requests over a group of servers.
  • Web acceleration – Reverse proxies can compress incoming and outgoing data, as well as cache commonly requested content, both of which accelerate the flow of traffic between customers and servers. They can also perform additional tasks such as SSL encryption to lighten the load on your web servers, thereby improving their performance.
  • Security and anonymity – By intercepting requests for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. This also guarantees that several servers are accessible from a single URL

Apache httpd (as well as most other web servers) can act as an inverse proxy server, also known as a “gateway” server.

In this case, httpd himself does not generate or host the data, but rather the content is obtained by one or more backend servers, which normally do not have a direct connection to the external network.

The httpd receives a request from a client, the request itself is through one of these backend servers, which then manages the request, generates the content, then returns this content to httpd, which then generates the actual HTTP response to the customer.

mod_proxy – the main Apache module for proxy connections; it allows Apache to act as a gateway to the servers of underlying applications.

mod_proxy_http – which adds support for HTTP connections by proxy.

mod_proxy_balance – which adds load balancing functionalities for several backend servers.

mod_proxy_ftp – which adds support for FTP connections by proxy

mod_proxy_connect – which adds support for the SSL tunnel

mod_proxy_ajp – which adds support for the AJP protocol

mod_proxy_html – Rewrite HTML links to make sure they are addressable from client networks in a proxy context.

mod_proxy_http2 – which adds support for the HTTP / 2 protocol

Let’s see how to include the content of the different backend servers to return the response to the client.

Reverse proxy to include the content of different backend :

The reverse proxy can be used to include the content of the different main servers / websites and exposed to the client via a single domain.

Here, we use the proxy_http to reverse the demand proxy to different main servers / websites depending on the path of demand, other proxy modules can be used depending on your use cases (the proxy_http module helps connect any activated URL via http / https) .

The end user accesses the myexample.com domain, the Apache Reverse Proxy server sending the request to different backend servers (proxy to different websites) depending on the root of the context of the request. The end user will not see the details of the main server, the internal links will be changed to myexample.com so that the end user will only see myexample.com and all content will be requested via the same myexample.com domain.

  • If the user accesses subresources from / test1, the reverse proxy extracts the main server resource internally 1 and responds the data to the end user, before responding to the proxy server, rewrite internal links.
  • If the user accesses subresources from / test2, the reverse proxy extracts the main server 2 resource internally and responds the data to the end user, before responding to the proxy server, rewrite internal links.
  • If the user accesses other resources, the reverse proxy extracts the main server 3 resource internally and responds the data to the end user, before responding to the proxy server rewrites internal links.

Activate the mod_proxy, the mod_proxy_http and the modules in httpd.conf

LoadModule proxy_module modules / mod_proxy.so
LoadModule proxy_http_module modules / mod_proxy_http.so
LoadModule proxy_html_module modules / mod_proxy_html.so

ProxyHTMLEnable – A simple switch to activate or deactivate the proxy_html filter, the proxy_html module provides an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy

ProxyPassMatch – This directive allows remote servers to be mapped in the space of the local server, uses regular expressions instead of a simple prefix match

ProxyPassReverse – This directive allows Apache httpd to adjust the URL in the Rental, Content-Locationand the URIheads of HTTP redirect responses to the name of the incoming server

ProxyHTMLURLMap – This is the key directive for rewriting HTML links. When analyzing a document, each time a link target corresponds to from-pattern, the corresponding part will be rewritten in to-pattern (this helps to resolve the following requests via the reverse proxy)

Now by accessing http://myexample.com/test1/, the request is transmitted by inverse proxy internally to the main server1 (8080)

Internal CSS links and other links are rewritten

Internal CSS links and other links are rewritten

Internal CSS links and other links are rewritten

Some additional configurations related to the proxy

SSLProxyEngine – This directive changes the use of the SSL / TLS protocol engine to connect to the proxy backend.

ProxyPassReverseCookieDomain – Adjusts the domain chain in Set-Cookie headers from an inverse proxy server

ProxyPassReverseCookiePath – Adjusts the Path string in Set-Cookie headers from an inverse proxy server

ProxyPreserveHost – Use the incoming host HTTP request header for the proxy query

This reverse proxy will help in several scenarios to display the content of different sites (main server) via a single domain to the end user. This approach can be used when migrating websites from one platform to another platform, the inherited platform can host some of the content paths via the reverse proxy until the platform is completely migrated to the new platform.


Leave a Reply

Your email address will not be published.