0

I configured my apache so that it can forward my requests to external URL like google.com, but the reverse proxy doesn't work.

<VirtualHost *:443>
ServerName authtest.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
  Order allow,deny
  Allow from All
</Proxy>
<LocationMatch "/google">
  ProxyPass https://www.google.com/
  ProxyPassReverse https://www.google.com/
</LocationMatch>
</VirtualHost>

Is it possible for me to reverse proxy external websites?

Improve this question

2 Answers 2

Reset to default
3

Is it possible for me to reverse proxy external websites?

Yes but with significant downsides.

Note: when I tried your configuration, I got SSL Proxy requested for [...] but not enabled [Hint: SSLProxyEngine] in the logs so I added SSLProxyEngine on.

Host issue

When you make a HTTP/1.1 request to a server, you automatically add the hostname in the request. When you proxy them, you have two possibilites:

[browser] --(Host: authtest.com)--> [apache proxy] --(Host: authtest.com)--> Google

or

[browser] --(Host: authtest.com)--> [apache proxy] --(Host: google.com)--> Google

The first one is what you get with ProxyPreserveHost On. Google servers won't handle requests for authtest.com, you should remove this line.

Even in the second case, you can have issues. ProxyPassReverse will handle redirects but only for the given domain: I'm in France, google.com redirects me to google.fr (a different domain) and the reverse proxy doesn't rewrite the redirect.

An other issue is the referer: if a service sees requests for images/css/js coming from a different web site it may consider it as bandwidth leeching and block them. Now, you need to rewrite the html of the response too (mod_proxy_html will help but it's not a silver bullet).

Path issue

In your example, you proxy <authtest>/google to <google>/. Like above, you need to rewrite the html: absolute links/resources won't work unless your server adds /google everywhere. Same for relative links/resources (but with more edge cases). If you owned the backend server, you could have checked urls in html/css/js files. Here, if the url is built dynamically in the browser using js you can't do anything.

If you can proxy / to / (or /whatever to /whatever) you will avoid a lot of issues here.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you so much for the detailed description. In my project Iam proxy passsing coupleof webistes using the same domain name i.e authTest but different locations like /google to google.com and /fb to facebook. So there is when I'm having issues.
3

Chech this GIT Repo I forked a GIT Repo and customized it to work with scenario:

[browser] --(Host: google.local)--> [apache proxy] --(Host: google.nl)--> Google

The Apache config as follows:

<VirtualHost *:80>
        ServerName google.local
    SSLProxyEngine on
    ProxyRequests Off
    <Proxy *>
        Order allow,deny
        Allow from All
    </Proxy>
        ProxyPass / https://www.google.nl/
        ProxyPassReverse / https://www.google.nl/

        ErrorLog /var/log/apache2/google.local-error.log
        CustomLog /var/log/apache2/google.local-access.log combined

</VirtualHost>
Improve this answer

1 Comment

Thank you for the response. It didnt work in my case, as Iam looking for /google to google.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.