Q: Can reverse-proxy act as a general proxy server? #298
-
|
I wanted to check my understanding, and confirm if this scenario is legitimate. My understanding is the difference between a proxy and a reverse-proxy is just semantic - basically where the proxy is located related to the client and the server. I want to point the browser (or application) to the Reverse-Proxy service via proxy configuration. Basically like a 'Fiddler' scenario. The browser's proxy server would point to the reverse-proxy (say, port 5001 for secure), and all the requests would go through the reverse-proxy service. The user would type in the same URL as normal, but be sent through the Reverse-Proxy service instead. Would this generally be expected to work? I know that the client would need to trust the Reverse-Proxy server certificate, similar to having to trust the Fiddler 'root cert'. Can I use the 'reverse-proxy' sample, or would there be a better sample to use for this scenario? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
No, a forward proxy implements a specific protocol with features such as TLS tunneling (CONNECT). Connect and TLS tunneling is not supported by any ASP.NET Core server, so you wouldn't be able to build a full forward proxy. |
Beta Was this translation helpful? Give feedback.
-
|
I suppose that CONNECT support would pass the existing SSL communications through without modification. I tried Squid proxy (which implements CONNECT) to google.ca and saw that the original Google certificate was presented to the browser. In the scenario where responses may need to be modified by the proxy, is it correct that the SSL connection would have to be broken at the proxy, and thus the client would have to trust the intermediate server's certificate? |
Beta Was this translation helpful? Give feedback.
-
Correct. Fiddler is a good example of that, it intercepts traffic for diagnostic purposes, but it can't intercept HTTPS unless you enable trust for the Fiddler certs. |
Beta Was this translation helpful? Give feedback.
No, a forward proxy implements a specific protocol with features such as TLS tunneling (CONNECT). Connect and TLS tunneling is not supported by any ASP.NET Core server, so you wouldn't be able to build a full forward proxy.