A reverse HTTPS proxy configuration can prevent clients from uploading unwanted data, such as malware or particular media types, to web servers under the HTTPS protocol.
In this configuration, HTTPS traffic is redirected to an appliance that a proxy is run on. It is inspected and eventually forwarded or blocked, according to the rules implemented on the appliance.
You can configure this in the following ways:
- Set up a Transparent Router.
- Set up a DNS configuration that points directly to the appliance when access to a particular web server is requested.
Redirection to an appliance can also be achieved by configuring proxy-aware connections that rely on the use of CONNECT headers.
However, this method would require an additional network device to assemble these headers for incoming requests. It is therefore not recommended.
In addition to configuring your network, you need to configure the handling of SSL certificates.
Optionally, you can configure additional settings that are not SSL-related to ensure a smooth operation of the reverse HTTPS proxy.