cancel
Showing results for 
Search instead for 
Did you mean: 
w.furlan
Level 7

HTTPS to HTTP in reverse proxy configuration

Hi,

Anyone have an idea about how ti configure the WEB gateway to be an SSL terminator in a reverse proxy configuration?

The idea is the following:

clients communicate to rev-proxy via https

rev-proxy communicate to internal web server via http

internal web server replies to rev-proxy via http

rev-proxy replies to client via https

I've tried some configuration changing URL.protocol property but i get in a bed request between rev-proxy and intenaral web server

(tcpdump of traffic from rev-proxy as attachment)

Message was edited by: w.furlan on 3/30/12 5:07:42 AM CDT
0 Kudos
6 Replies
asabban
Level 17

Re: HTTPS to HTTP in reverse proxy configuration

Hello,

I have a very simple reverse proxy example that I am currently preparing for the Online Rule Set Library. I don´t have any documentation yet, but I will attach it for you. It will cause MWG to accept requests on port 80 and port 443. Request to port 80 are immediatly redirected to port 443, so all clients will talk to MWG via HTTPS.

MWG talks to two web servers via HTTP in the backend. My example servers are "web" and "mail". For this to work I am using DNS, so when the client looks up "web" and "mail" it gets an IP address which MWG is listening on. I am using two IP addresses to keep older browser/os versions compatible. When MWG looks up "web" and "mail" it uses the web servers IP address to connect to the server. I have added entries to the /etc/hosts on MWG.

Different scenarios are of course possible, but this is one approach to do it. Maybe you can grab some ideas out of the rules.

Best,

Andre

Nachricht geändert durch asabban on 30.03.12 06:17:39 CDT
0 Kudos
w.furlan
Level 7

Re: HTTPS to HTTP in reverse proxy configuration

Hi Andrea,

Thanks for support, with your policy it works =)

Walter

0 Kudos
asabban
Level 17

Re: HTTPS to HTTP in reverse proxy configuration

Cool, that was easy :-)

Thank you!

Andre

0 Kudos
antnee777
Level 7

Re: HTTPS to HTTP in reverse proxy configuration

Hi Andre, can this reverse proxy policy be used for IPv6 to IPv4 handling ? (I know you like a challenge).

Thanks

Ant.

0 Kudos
asabban
Level 17

Re: HTTPS to HTTP in reverse proxy configuration

Hi Ant,

I have not tried it but I believe it can. You can create a proxy listener which listens on an IPv6 address. When MWG internally forwards the traffic you can forward it to an IPv4 address and hand back the response via the IPv6 proxy listener. You can tell MWG to prefer IPv4 or IPv6 when talking to a destination in the Proxy Settings in the advanced tab.

Unfortunately I don't have an IPv6 test environment but I think it should be possible without a lot of efforts to configure MWG that way.

Best,

Andre

0 Kudos
antnee777
Level 7

Re: HTTPS to HTTP in reverse proxy configuration

Thanks Andre, but the UI (even 7.3.1) does not seem to understand the use of a v6 address in the proxy listener section.

0 Kudos