Link to home
Create AccountLog in
Avatar of sysautomation
sysautomation

asked on

Apache Reverse Proxy

On a customer's request I have to create a reverse proxy for following URL on customer's server running Apache on CentOS 6.

URL of the back end is https://94.57.252.195/gateway/order.json

I have added following lines in a virtualhost on Apache:

SSLProxyEngine          On
ProxyPass / https://94.57.252.195/
ProxyPassReverse / https://94.57.252.195/


But when I access http://mydomain/gateway/order.json I get "Bad Request Your browser sent a request that this server could not understand." . No errors in error_logs of Apache.

I would be thankful if someone can help.
Avatar of arnold
arnold
Flag of United States of America image

You are using an ip in the proxy, the response points to the configuration on the web server that it does not have a way to determine what you are looking for.
This often is a setup where default website is not set, unless you request the correct hosted sore, you would get no information.

You have to use a specific name I.e sone reference.sonedomain.com
Once added, your rules will strip the URL to make sure the subsequent links will flow through the proxy.

The other issue, often reverse proxy protects an internal server from direct access, possible attack vector.
You are referencing a public ip, so a request will go over the wan to the ip, the response will flow back that will then be forwarded to the client who made the initial request.
You need to also add the certificate of the remote to your trusted list to avoid having issues.
Avatar of sysautomation
sysautomation

ASKER

https://94.57.252.195/gateway/order.json alreday returns correct result therefore the default website is set and I have also tested replacing the IP with the hostname but it doesn't make any difference.

> You need to also add the certificate of the remote to your trusted list to avoid having issues.

Can you please tell me how can I download the certificate of the remote server and add to my trusted list?
The IP, hostname when viewing the certificate match? You may have to disable certificate verification.
Oh, just looked at your configuration of the reverse proxy, you gave an error
Proxypass and proxypassreverse have to be mirror images of each other
Proxypass / https://destination
Proxypassreverse https://destination /


Look at the Apache logs, including error logs to see what the issue is.
You could potentially enable a more detailed logging before entering the reverse proxy, terminating after to see exactly what is being attempted and what is being received......

The ip has several certificates. The URL on the certificate is an alias yet to another domain/URL.

You might have settings/parameters that do not exist on other system and on these other system an error related to the certificate is the first thing presented.
ASKER CERTIFIED SOLUTION
Avatar of David Favor
David Favor
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account