01 Nov 2014 16:47
TAGS: apache http https linux proxy
For one my internal projects, I needed a HTTP-to-HTTPS proxy in a way that a client connects to HTTP network inside the trusted network and the server connects through the Internet to the service via HTTPS.
I quickly set this up using Apache. Here's the virtual host file:
<VirtualHost *:8371> ServerName localhost ProxyPreserveHost Off SSLProxyEngine On Header edit Set-Cookie secure;.HttpOnly HttpOnly RewriteEngine On RewriteRule ^/(.*) https://remote-server.com/$1 [P,L] ProxyPassReverse / https://remote-server.com/ </VirtualHost>
You need to enable the following modules for that: proxy, proxy_http, rewrite, headers
Note, above I also mangle the Set-Cookie response headers in a way, that every http-only secure cookie (this means a cookie is transmitted to the server only over a secure transport and is not available on the client side) is converted to a http-only but non-secure.
The rule I produced (convert regexp "secure;.HttpOnly" to just "HttpOnly") may not work for you because I targeted one particular service and the construction of such cookies may be different for the one you want to proxy.
The second note is that, the service you're proxying might actually check the protocol on the client side as well, which we cannot mock on the server-level. I was lucky my service didn't have such checks.