Marat, Thank you again for your response. You are correct, I cannot enumerate all of the targets because we do not know about any of them and they could potentially be any IP or URI reachable by the system.
I spent some time looking at the P option for mod_rewrite but I got the impression that it would only work in the case of the reverse proxy situation. I was not able to get it to work but I wanted to make sure you thought there was potential for that to help with my forward proxy issue before I spent a lot more time on it. -Dan On Tue, Feb 28, 2017 at 11:05 AM, Marat Khalili <m...@rqc.ru> wrote: > Solution using reverse proxy does not require any control over proxied > services, but you'll need to enumerate them all in your proxy > configuration. Proxy will discriminate requests by hostname and port and > forward them to specified services. This will give you additional control > and security at the cost of management overhead. > > If you cannot or wish not enumerate all your target services, looks like > you can use "P" option of mod_rewrite: https://httpd.apache.org/docs/ > 2.4/rewrite/flags.html#flag_p . I do not have much experience with it, > but it might work. > -- > > With Best Regards, > Marat Khalili > > On February 28, 2017 6:39:38 PM GMT+03:00, Daniel Frank < > danthehit...@gmail.com> wrote: >> >> I see how my original question made it sound like a single service. I >> was trying to keep the scenario as simple as possible and probably over >> simplified it. The reality is that the endpoint we will be connecting to >> will be many appliances at many different IPs. >> >> Regarding using a reverse proxy, even if it were one service I dont see >> how the reverse proxy would work since we dont control that service or >> where it is running. Maybe I am misunderstanding how the reverse proxy >> works as well. >> >> Thanks for the response. Regarding the original question, is what I am >> asking possible? >> >> -Dan >> >> On Tue, Feb 28, 2017 at 12:19 AM, Marat Khalili <m...@rqc.ru> wrote: >> >>> Why are you calling it _forward_ proxy if it's only going to connect to >>> one service? Your problem can easily be solved with _reverse_ proxy. >>> >>> -- >>> >>> With Best Regards, >>> Marat Khalili >>> >>> On 28/02/17 02:16, Daniel Frank wrote: >>> >>> All, >>> >>> I am trying to set Apache up as a forward proxy to help solve an issue >>> that we have where an HTTP Client in our application does not support TLS >>> 1.2 but an API that we need to consume only supports TLS 1.2. What I am >>> attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target API but >>> allow my internal client to talk to the proxy over HTTP. >>> >>> I had it in my head that this was what a forward proxy was going to give >>> me so after having set up a forward proxy and configuring my application to >>> use it I was surprised to see that I was getting exactly the same behavior >>> that I was getting when I had no proxy configured (failure of my internal >>> client to speak TLS 1.2). >>> >>> So my question is; can Apache be configured as a FORWARD proxy to speak >>> HTTP with the caller but HTTPS to the callee? >>> >>> I have spent a lot of time searching and I did check the mailing list >>> archives but it's entirely possible that I just dont even know what to >>> search for to get a good answer so if this is a dumb question I sincerely >>> apologize for wasting the groups time. >>> >>> Thanks in advance for any help. >>> >>> -Dan >>> >>> >>> >>
