Jump to content


Photo

Two question about reverse proxies

reverse proxy https

  • Please log in to reply
1 reply to this topic

#1 Graham Starfelt

Graham Starfelt
  • Members
  • 1 posts

Posted 08 February 2016 - 05:09 PM

Hi,

 

I've got a couple questions about reverse proxies: first, is it possible to have the proxy listen only on one specific external IP address? Basically, we'd like to move some of our internally hosted websites behind the reverse proxy, but not all of them. It's unclear to me from the documentation how one would do that.

 

Two, how does the reverse proxy work if the site behind it is already SSL-secured. Can I just pass 443 traffic to the site without having the firewall handle the certificate?

 

Thanks!

-Graham



#2 Steve Vickers

Steve Vickers
  • Barracuda Team Members
  • 45 posts

Posted 09 February 2016 - 04:39 AM

Hi Graham,

 

the reverse proxy service will only listen on the IP addresses you define in the "Service Properties" (N.B. you can only use IP addresses you have already declared in the "Server Properties" for the virtual server.

 

Any proxy, forward or reverse is the termination point for all client connections. So when a client requests an HTTPS/SSL connection that has to be terminated by the reverse proxy and then a new SSL connection established to the server. To do that you have to copy the certificate from the web server or create a new one and install that in the reverse proxy, then tell the reverse proxy to also use/accept SSL. N.B. you may also need to adjust the OP-SRV-VPN rule in the "Host Firewall Rules" so that it either doesn't listen on that IP address or remove HTTPS from the list of services for that rule.