Apache as forward/reverse proxy server

Apache HTTPD and NGINX are some of the best-known names in the open source world for proxy solutions. What exactly does the term web proxy mean? It is something of a cross between a web server and a web client. It can be thought of as an intermediary system that sits between clients and normal web servers in order to facilitate or streamline the process of retrieving web pages. This configuration is often also referred to as a three-tier model.

A forward proxy takes the client's request and forwards it to the destination based on its configuration. It can be used to bypass firewall restrictions. On the other hand, a reverse proxy takes requests from the internet and forwards them to one of the web servers.

For an example, I will list three computers connected to the internet. ( credit: stackoverflow.com )

  • X = your computer, or "client" computer on the internet
  • Y = the proxy web site, proxy.example.org
  • Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z

In the forward proxy, Y will connect to Z ( Y --> Z ) on behalf of X, which chains as follows: X --> Y --> Z.
However, in some scenarios ( reverse proxy ), it is better for the administrator of Z to restrict or disallow direct access and force visitors to go through Y first. So, as before, we have data being retrieved by Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.
What is different this time compared to a "forward proxy," is that this time the user X does not know he is accessing Z, because the user X only sees he is communicating with Y.
The server Z is invisible to clients and only the reverse proxy Y is visible externally. A reverse proxy requires no (proxy) configuration on the client side.

Reasons why X would want to use a forward proxy server:
Here is a (very) partial list of uses of a forward proxy server.
X is unable to access Z directly because:
I) Someone with administrative authority over X's internet connection has decided to block all access to site Z
a) The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.
b) Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours.

II) The administrator of Z has blocked X.
a) The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange).
b) Z is a forum website. X is spamming the forum. Z blocks X.

Reasons why Z would want to set up a reverse proxy server:
1) Z wants to force all traffic to its web site to pass through Y first.
a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works.
Examples: Apple Trailers uses Akamai
Jquery.com hosts its javascript files using CloudFront CDN (sample).
2) The administrator of Z is worried about retaliation for content hosted on the server and does not want to expose the main server directly to the public.
a) Owners of Spam brands such as "Canadian Pharmacy" appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server. ( credit for this example goes to https://bit.ly/2IrsnlJ  )

Back to our main topic: Apache as a forward/reverse proxy. We will be using Ubuntu as the OS for installing the Apache server.

Start with Apache Server installation

# apt install apache2 # On Ubuntu

Let's create a new Apache configuration file ( my-locallab.local.conf ). You can also edit the default Apache configuration file, but that is not recommended.

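# Requires mod_proxy and mod_proxy_http (a2enmod proxy proxy_http)
<VirtualHost *:80>
    # YOUR DOMAIN NAME
    ServerName my-locallab.local
    ServerAlias www.my-locallab.local
    ServerAdmin webmaster@my-locallab.local
    # Off = reverse proxy only; the server will not relay arbitrary client-chosen URLs
    ProxyRequests Off
    # YOUR TOMCAT IP ADDRESS
    ProxyPass / http://TOMCAT-SERVER-IP:8080/
    ProxyPassReverse / http://TOMCAT-SERVER-IP:8080/
</VirtualHost>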

Run the following command to test syntax validity

# apache2ctl configtest # On Ubuntu

Restart the Apache service using the following command

# service apache2 restart # On Ubuntu
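
The configuration above covers only the reverse proxy case. For the forward proxy case described earlier, the following is an added example (not part of the original post) of a virtual host that serves internal clients only. The port 3128, the host name proxy.my-locallab.local and the client range 192.168.1.0/24 are assumptions; substitute your own.

```apache
# Forward proxy for internal clients only (constructed example).
# Requires mod_proxy, mod_proxy_http and, for HTTPS sites, mod_proxy_connect.
# Port 3128 is an assumption; any free port works.
Listen 3128
<VirtualHost *:3128>
    # Hypothetical host name for the proxy
    ServerName proxy.my-locallab.local

    # On = act as a forward proxy: clients name the destination themselves
    ProxyRequests On
    # Add a Via header so proxied requests are identifiable upstream
    ProxyVia On

    # Weak: ProxyRequests On with no <Proxy> restriction lets any host that
    # can reach this port relay traffic through the server (an open proxy).
    # Corrected: allow only the internal client range (assumed here to be
    # 192.168.1.0/24); every other source address is refused.
    <Proxy "*">
        Require ip 192.168.1.0/24
    </Proxy>

    # CONNECT tunnelling (used for HTTPS) is limited to port 443
    AllowCONNECT 443

    # Separate logs so proxied requests can be reviewed on their own
    CustomLog ${APACHE_LOG_DIR}/proxy_access.log combined
    ErrorLog ${APACHE_LOG_DIR}/proxy_error.log
</VirtualHost>
```

Run apache2ctl configtest after adding it, then confirm from a host outside the allowed range that requests through the proxy port are refused.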

Anup Chhetri

IT system administrator
