I can't find the solution to my request, here is what I want to do :
The HTTPS stream arrives on my server from my client's site (of which I do not have the certificate): https://clientwebsite.com
Afterwards I want to send this HTTPS stream to a website that doesn't accept HTTPS. So I send it in HTTP : http://api-website.com
My problem is... I don't know and I don't find how I can do that with Apache on Centos 7
Could someone help me please ?
I'm very happy with Pound as my reverse HTTPS/HTTP proxy
Related
I have a apache server with http2 support and a proxy. When I send a curl request via proxy the http protocol falls back to http1.1, can someone tell me if there is any config changes I need to make or it works that way itself?
Can someone help how to direct HTTP to HTTPS? and Am having an SSL certificate on my Solaris(UNIX) server.
this is my initial server name HTTP://rsdev.mt.att.com:8001/ once we entering it is going through this URL https://rsdev.mt.att.com:8801/cgi-bin/bounce?http://rsdev.mt.att.com:8001/cgi-bin/esprMgr
don't know what is happening here.
But I want my URL to be secure.
Please help me to resolve.
I setup haproxy as reverse proxy in our organization . we want when the client request for some web site like lenovo or oracle or etc. …the request must be passed through our reverse proxy server .(because our client set our dns server and i defined reverse proxy’s ip as those such domain in our dns server). i using SSL passthrough .but i have some problem in this case.
1- some time haproxy doesnt work fine and have problem to load right certificate.for example when i want to see www.amazon.com haproxy load wrong certificate(SSL_ERROR_BAD_CERT_DOMAIN) so firefox prevent to load website. in this case i have www.intel.com in haproxy config so haproxy getting confused and load www.amazon.com with intel certificate website.
2-I want all sub domain of website like *.oracle.com or *.lenovo.com passed through our reverse proxy so we don’t need to register sub domains of website one by one in haproxy server .
i try with -reg or matching pattern method but all of them need to final destination.
3- some time redirection cant work properly and we facing http to https redirection error .(some time client enter lenovo.com or intel.com (means http requesting).to over come this problem i defined http frontend and redirect all request to https except one hypothetical request by acl . but my issue some time appear.
This is simple done by req_ssl_sni and writing simple acl to forward request but attention to just write single forntend and backend ,because multi frontend and backend cause a confusing in haproxy.
I have an Apache server in front of a Websocket Tomcat server, and I would like to restrict access to secure websockets only (wss://).
How can I achieve that in Apache configuration ?
One thing that I do not understand is that even if I block port 80 (not 443) on AWS, it is still possible for me to connect to my unsecured ws via Simple WebSocket Client, whereas a telnet myHost 80 is logically failing...
Actually, configuring Apache with SSL is enough : it will redirect all HTTP traffic to HTTPS.
I did not figure out that quickly, but I can only connect with WS protocol only after I have been redirected by the browser with a simple HTTP request to HTTPS. And then, when I try to connect with WS, looking at Chrome Developer tools, I can see in request headers that the final endpoint is WSS.
So, in Simple WebSocket Client, I am actually silently redirected to WSS endpoint when trying to connect with insecure WS. As I said previously, this silent redirection is enabled only after a HTTP to HTTPS redirection on a simple call in the browser. You can check it by closing your browser and trying to reconnect in WS via Simple WebSocket Client : you will get a 403 HTTP error.
I've setup the standard GCP load balancer to point to my instance group. It talks over the same port on the instance. I would like to redirect http to https. I would normally do this in nginx or apache on the instance but that won't work since its https already from the load balancer.
Is there a way to rewrite the url similar to if I was using nginx and apache to load balance in GCP's Load Balancer? or should I forward http and https to the instance and have the instance handle the rewrite as I normally would. I'm new to GCP thanks in advance.
You can set it up the same way as Nginx does. When you see traffic on a port which is not https, you redirect it to HTTPs.
To do this, you can use X-Forwarded-Proto header which contains the protocol using which the traffic came in. On your server, you can simply look for traffic that has http header and upgrade that request to HTTPS.
Most commonly used way is to use 301 redirect, but that is not a great practice. One should use HTTP 426 upgrade request header.
Read more: Is HTTP status code 426 Upgrade Required only meant signal an upgrade to a secure channel is required?
RFC doc: https://www.rfc-editor.org/rfc/rfc2616#section-14.42