Advanced HTTP and TCP proxy configuration
The HTTP protocol runs on top of the TCP protocol, but provides extra information about the message destination. For that reason, the two proxies are configured differently.
HTTP traffic includes the destination host and port for the message, and is sent over a TCP connection to a TCP endpoint, that is, a specific host and port. Typically, the HTTP message specifies the same TCP endpoint as the one to which the underlying TCP connection is made. If you change the client configuration to use an HTTP proxy, the TCP connection is made to a different host and port than the one in the HTTP URLs, which means that the TCP endpoint in the message is different from the endpoint being connected to. For example, if an HTTP request is sent to http://192.0.2.1:8080/operation, the request includes "192.0.2.1:8080" in the "Host" header of the HTTP message that is sent to the TCP port 8080 on host 192.0.2.1.
However, if you configure the HTTP client to use a proxy, the underlying TCP connection goes to the TCP endpoint for the proxy, while the messages still contain the original TCP endpoint. For example, if you configure the client to send its messages to a proxy at 198.51.100.1 port 3128, and the client sends a request for http://192.0.2.1:8080/operation, the message still contains "192.0.2.1:8080" in the "Host" header, and now in the "Request-Line" field also. However, this message is now sent over a TCP connection to the proxy at 198.51.100.1:3128. In this way, the HTTP proxy can receive messages on a single port and can forward those messages to many different services based on the destination information in the message.
<forward>
statements in the proxy configuration file, RTCP_install_dir/httptcp/registration.xml. In the following
example, 198.51.100.1 is the IP address of the proxy. Any traffic sent to port 3333 on the proxy
is forwarded to port 80 at
www.example.com:<forward bind ="198.51.100.1:3333" destination="www.example.com:80"/>
You must therefore change the client configuration file whenever you add a new destination for proxy traffic. This restriction does not apply to HTTP proxies.
To understand how port numbers are handled differently in the HTTP proxy and the TCP proxy, assume that you have two services, one at 192.0.2.1:8080 and one at 192.0.2.1:8081, and a proxy that is running on 198.51.100.1. (If the two services differed in IP address rather than in port number, this example would be the same except for the appropriate IP address for each service.) If these two services expect HTTP traffic, a single HTTP proxy port (such as 3128) is opened, and requests for both TCP endpoints can be sent to that port. When the HTTP proxy sees that a message is addressed to 192.0.2.1:8080, the proxy either redirects the message to that address or applies any rules that it has for that service. The same procedure applies to 192.0.2.1:8081, using the same proxy port.
<forward>
elements in the configuration
file:<forward bind ="198.51.100.1:3333" destination="192.0.2.1:8080"/>
<forward bind ="198.51.100.1:3334" destination="192.0.2.1:8081"/>
The client
configuration for the first service changes from "192.0.2.1:8080" to "198.51.100.1:3333" and for
the second service from "192.0.2.1:8081" to "198.51.100.1:3334". The client sends a message (TCP
packet) to the first service at 198.51.100.1:3333. The proxy receives it on that port (3333), but
does not know what data is being sent over that TCP connection. All it knows is that the
connection was made to port 3333. Therefore the proxy consults its configuration and sees that
traffic to that port must be forwarded to 192.0.2.1:8080 (or that a rule for that service must be
applied to it). type
attribute to the rule that specifies HTTP, as in the
following
example:<forward bind ="198.51.100.1:3333" destination="192.0.2.1:8080" type="HTTP"/>
<forward>
element to be able to send traffic to the
live system. For example, assume a client needs to connect to a service on 192.0.2.1:8080 and
uses a reverse HTTP proxy on 198.51.100.1:3333. Before the client can use the proxy, the client
configuration for that service must be changed from a URL such as http://192.0.2.1:8080/operation
to http://198.51.100.1:3333/operation. A request that is sent to that new URL reaches the proxy.
The request message contains the TCP endpoint for the proxy (198.51.100.1:3333) in the "Host"
header rather than the address of the live system because the client is not aware that it is
sending the message to a proxy rather than a normal server. This simplified client role defines
the nature of a reverse proxy. Thus the proxy uses the <forward>
elements
to know that a request that comes in on port 3333 requires one of the following actions:- The request must be redirected to the live system at 192.0.2.1:8080, and the Host header in the message must be updated to specify that live system.
- Any rules for that service must be applied to the message, such as routing it to a stub instead.
In conclusion, for efficiency and ease of configuration, use the standard HTTP proxy whenever possible. When you cannot, use the reverse proxy. Use the TCP proxy when you work with TCP traffic that is not HTTP.