Handling server redirects when the server is fronted by a proxy

If you are deploying your web servers in a production environment, you may need to front them with a proxy server or load balancer. But when your web servers issue a redirect, the browser may end up with misleading URLs (internal server URLs) if the proxy server does not handle the redirect properly. Most proxy servers support the reverse proxy concept: they intercept the redirects coming from the web servers and modify the Location headers. If you are working with Apache HTTP Server, you have probably come across a configuration directive called ProxyPassReverse.

ProxyPassReverse is an important parameter when you are configuring the Apache HTTP Server. It is used to change the Location header sent by the servers (server cluster) to Apache HTTP Server, before Apache sends it to the browser. For example, say we have installed Apache Server at https://soasecurity.org and it proxies an internal server that is running at https://node1:9443/. When a request is received at https://soasecurity.org, it is successfully forwarded to the internal server at https://node1:9443. Now say the internal server tries to redirect the browser to /new_location/. It will respond with a redirect and a Location header of https://node1:9443/new_location/ (as the internal server is only aware of its own server URL and not of the proxy server's URL). Therefore, if this response is sent directly to the browser, the browser tries to send a request to https://node1:9443/new_location/. But the browser cannot resolve this location, because node1:9443 is an internal server address, and it gets an error.

What ProxyPassReverse does is intercept these Location headers and rewrite them so that they match the Apache server's own URL, i.e. https://soasecurity.org. You must have the following configuration:

ProxyPassReverse / https://node1:9443/

Then Apache Server rewrites the Location header https://node1:9443/new_location/ to https://soasecurity.org/new_location/ before sending the response back to the browser. The browser therefore sends its next request to https://soasecurity.org/new_location/, which works fine.
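The rewrite described above, as an added example that is not part of the original article and is not Apache's own code: a simplified Python model of the prefix match, plus a check that flags Location values which would still expose the internal host. The function names, the sample values and the case-sensitive comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Values from the article's example.
PUBLIC_BASE = "https://soasecurity.org"
# (public path, backend URL prefix), mirroring:
#   ProxyPassReverse / https://node1:9443/
MAPPINGS = [("/", "https://node1:9443/")]
INTERNAL_HOSTS = ("node1",)

def rewrite_location(location, mappings=MAPPINGS, public_base=PUBLIC_BASE):
    """Simplified model: swap a matching backend prefix for the public URL."""
    for public_path, backend_prefix in mappings:
        if location.startswith(backend_prefix):
            return public_base + public_path + location[len(backend_prefix):]
    # No prefix matched: the header reaches the browser unchanged.
    return location

def leaks_backend(location, internal_hosts=INTERNAL_HOSTS):
    """True if the Location value still names an internal host."""
    host = urlsplit(location).hostname  # None for relative redirects
    return host is not None and host.lower() in internal_hosts

def audit(locations):
    """Return the Location values that still leak after the rewrite."""
    rewritten = (rewrite_location(loc) for loc in locations)
    return [loc for loc in rewritten if leaks_backend(loc)]

# Constructed sample Location headers as a backend might send them.
SAMPLES = [
    "https://node1:9443/new_location/",  # matches the configured prefix
    "/new_location/",                    # relative: nothing to rewrite
    "http://node1:9443/new_location/",   # scheme differs from the prefix
    "https://soasecurity.org/login",     # already the public URL
]

if __name__ == "__main__":
    for loc in SAMPLES:
        print(loc, "->", rewrite_location(loc))
    print("still leaking:", audit(SAMPLES))
```

The third sample shows the failure mode to test for: if the backend emits a URL that does not start with the exact prefix given to ProxyPassReverse, the header passes through untouched and the internal address reaches the browser.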
