Configuring a HTTP(S) reverse proxy or TCP port forwarding

The reverse proxy capability allows applications that are unable to configure HTTP(S) forward proxying to address the proxy directly and have it forward these requests to a configured destination, which is also applicable for forwarding TCP-based communications.

Note: For an explanation of when to use a reverse proxy versus a standard proxy, see Virtualizing HTTP.

About this task

Typically, you can configure the settings in the client to route HTTP and HTTPS traffic through the proxy (forward proxying). In some cases, the client cannot be configured with the proxy settings, and a reverse proxy approach can be used. In such cases, the client is directly configured with the proxy as the end point that in turn defines the final destination. You can do this by configuring the forwarding rule in the proxy that directs the traffic that arrives on a specific port to the final destination.

Procedure

  1. Find the destination URI used by the client.
  2. Using any text editor, open the registration.xml file that is available in Quality_Server_installation_directory/httptcp location.
  3. In the registration.xml file, add the TCP forward rule for the destination URI and specify the proxy port for recording the HTTP or HTTPS traffic for the client.
    • Example of TCP forward rule for HTTP: <forward bind ="198.51.100.1:3333" destination ="www.example.com:80" type="http"/>
    • Example of TCP forward rule for HTTPS: <forward bind ="198.51.100.1:3334" destination ="www.example.com:443" type="https"/>
    • Example of TCP forward rule for TCP: <forward bind ="198.51.100.1:3333" destination ="www.example.com:80"/>
    Note: The host name or the IP address that is specified for the bind attribute determines which network interface the proxy listens on.
    • IP address: Binds to the specified adapter
    • 0.0.0.0: Binds to all the addresses/adapters on the machine. Specify this value if you do not know the specific hostname or IP that the machine is listening on
    • localhost: Allows connections only from the local machine
    Note: type attribute values that are available for TCP-based transports are listed in the comments in the registration.xml file for the proxy. Those values include: ims, imsconnect, ipic, and mqtt.
  4. Optional: If your destination URI uses HTTPS, but you want to configure your client to send its traffic to the proxy without encryption (that is, through plain HTTP) then use an HTTP to HTTPS forward rule. The proxy then directs the HTTP traffic that arrives on a specific port to the final HTTPS destination. In the registration.xml file, add the HTTP to HTTPS forward rule for the destination URI, specify the proxy port for recording the HTTP traffic for the client and specify the destination type to be HTTPS.
    • Example of HTTP to HTTPS forward rule: <forward bind ="localhost:2000" destination ="www.example.com:443" type="http" destinationType="https"/>

    This example shows a plain text connection to localhost port 2000 to relay traffic to the secure example site.

  5. In the registration.xml file, set the disableConnectForwarding attribute value to "true".
  6. Configure the client to use the defined proxy host and the port as the final destination.
  7. Restart the proxy. See Starting and stopping the HTTP/TCP proxy.