0

How can I correctly proxy rest api call through another server as if it comes from that server ?

Developers need to talk a a remote rest api on domain sub.xyz.com that is only accessible through domain xyz.com (Access-Control-Allow-Origin). So I though of setting up a http proxy on the server that host domain xyz.com as if the calls come from that domain. However, I do get the following error:

403 Forbidden Access was denied to this resource.
Unauthorized: get_collection failed permission check

The apache httpd config I use:

ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine on
ProxyPass /api https://sub.xyz.com/api
ProxyPassReverse /api https://sub.xyz.com/api

How do I set this up correctly such that it works?

edbras
  • 4,145
  • 9
  • 41
  • 78

1 Answers1

0

if you want the front end server name preserved when reaching the backend you should set:

ProxyPreserveHost on

You should probably additionally add:

SSLProxyCheckPeerCN off

and/or

SSLProxyCheckPeerName off

Or the connection will fail in ssl handshake due to contacting the backend with a host name which does not match its certificate CN.

Based on your comments if you want to make the backend also think the proxy is making the requests, maybe you should start removing proxy headers like:

ProxyAddHeaders off

But it really depends on what the backend looks at to determine who is accessing it.

Daniel Ferradal
  • 2,727
  • 1
  • 13
  • 19