Accessing HTTPS Over HTTP

01 Nov 2014 16:47

For one my internal projects, I needed a HTTP-to-HTTPS proxy in a way that a client connects to HTTP network inside the trusted network and the server connects through the Internet to the service via HTTPS.

I quickly set this up using Apache. Here's the virtual host file:

<VirtualHost *:8371>
        ServerName              localhost
        ProxyPreserveHost       Off
        SSLProxyEngine          On
        Header                  edit Set-Cookie secure;.HttpOnly HttpOnly
        RewriteEngine           On
        RewriteRule             ^/(.*)$1 [P,L]
        ProxyPassReverse        /

You need to enable the following modules for that: proxy, proxy_http, rewrite, headers

Note, above I also mangle the Set-Cookie response headers in a way, that every http-only secure cookie (this means a cookie is transmitted to the server only over a secure transport and is not available on the client side) is converted to a http-only but non-secure.

The rule I produced (convert regexp "secure;.HttpOnly" to just "HttpOnly") may not work for you because I targeted one particular service and the construction of such cookies may be different for the one you want to proxy.

The second note is that, the service you're proxying might actually check the protocol on the client side as well, which we cannot mock on the server-level. I was lucky my service didn't have such checks.

More posts on this topic


Add a New Comment
or Sign in as Wikidot user
(will not be published)
- +
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License