1

I am using Apache 2.2 on SUSE 10 with mod_ssl.

My problem: I want to connect a client(supporting only http) to a Server(supporting only HTTPS). So I thought of deploying Apache as a proxy to convert HTTP message to HTTPS message. I will install certificates of server at Apache itself. Note: Client and server here are not normal browser and webserver. These are SOAP based webservices using custom ports( port 80 or 443 is not used)

My intended deployment is like this: Client---------->Apache(proxy)----------->HTTPS Server

My question are: 1) Is this type of deployment possible using Apache? 2) What configuration in apache is needed? 3) Any particular module of apache is neede?

I have already tried "RewriteEngine" and "RewriteRule" as suggested in most of sites. I get following error "302 Found" Error code from Apache server.

Kenny Rasschaert
  • 9,045
  • 3
  • 42
  • 58
user107297
  • 11
  • 1
  • 1
    The answer to the first part is almost certainly yes, but I haven't used Apache for this. I generally find [stunnel](http://www.stunnel.org/) is easier to work with as a simple http to https proxy. – Zoredache Jan 17 '12 at 16:21

1 Answers1

2

You could have Client ---> Apache(proxy) ---> HTTPS Server indeed.

However, you would need Apache Httpd to be configured as a reverse proxy. (A normal HTTP proxy uses CONNECT to handle HTTPS requests: this expects the client to be able to use HTTPS itself, since it just relays the connection). To do this, you would need to use mod_proxy for this (and mod_proxy_http) and use the SSLProxy* directives, as documented in the mod_proxy documentation. (Reverse proxy servers with mod_proxy and SSL are often used the other way around.)

The downside is that it can be quite heavy to set up. Presumably, this HTTPS server uses HTTPS only for a reason: you would want your proxy to be set up as close to your client as possible to avoid to expose the non-HTTP variant of this site to others.

This being said, as @Zoredache said in a comment, tools like stunnel are probably more appropriate for this. You could more easily set this up on the client's machine. If configured to verify the certificate properly, this could provide you with a similar level of security as HTTPS directly in the client. (You would at least need to protect the client machine itself, though.)

One point that comes to mind, is that some HTTPS-specific information might be handled differently, in particular secure cookies, which a browser wouldn't send to the server (since it wouldn't connect over HTTPS): this might not be an issue for a SOAP-based web service.

Bruno
  • 4,099
  • 1
  • 21
  • 37