Downstream proxy with encryption

In this configuration, a source system calls the proxy, which forwards the request to the destination URL. The reply follows the opposite path. Communication between the proxy and the destination system is encrypted for both the request and the reply.

Use the following Apache configuration building block.

# SSL sessions are cached so they can be reused across connections
SSLSessionCache shm:$SSL_CACHE(512000)
SSLSessionCacheTimeout 300

# Disable forward proxying for security purposes
ProxyRequests Off

# The reverse proxy listens for the source system on the reverse proxy port
Listen $PROXY_PORT_NUMBER_HERE

<VirtualHost *:$PROXY_PORT_NUMBER_HERE>
  <Proxy *>
    Order Deny,Allow
    Deny from all

    # The virtual host accepts requests only from the source system
    Allow from $SourceSystem
  </Proxy>

  # The virtual host maps incoming requests to the destination URL
  ProxyPass / $DestinationURL

  # Communication is encrypted on the reverse proxy to destination system leg
  SSLProxyEngine on

  # The reverse proxy checks the destination's certificate
  # using the appropriate trusted CA's certificate.
  # SSLProxyVerify defaults to none, so it is set to require here;
  # otherwise the certificate check is not enforced.
  SSLProxyCACertificateFile $DestinationTrustedCACertFile
  SSLProxyVerify require

  # Logs redirected to appropriate location
  ErrorLog $ApacheErrorLog

</VirtualHost>
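
A filled-in copy of this building block can be checked before it is deployed. The Python sketch below is an added example, not part of the original configuration: the names `directives` and `audit_proxy_config` and all sample values (port, address, host name, file path) are constructed for illustration. It reads the directives of a single building block, ignoring nesting, and reports settings that leave the proxy-to-destination leg unencrypted or unverified; the sample omits `SSLProxyVerify` so that check fires.

```python
# Constructed sample: the building block with illustrative values filled in.
SAMPLE = """\
ProxyRequests Off
<VirtualHost *:8443>
  <Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.10
  </Proxy>
  ProxyPass / https://destination.example/
  SSLProxyEngine on
  SSLProxyCACertificateFile /etc/apache2/ssl/destination-ca.pem
</VirtualHost>
"""

def directives(text):
    """Map lowercased directive name -> list of normalized argument strings.
    Comments and <Section> tags are skipped; nesting is ignored."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            args = " ".join(parts[1].lower().split()) if len(parts) > 1 else ""
            found.setdefault(parts[0].lower(), []).append(args)
    return found

def audit_proxy_config(text):
    """Return findings for one filled-in copy of the building block."""
    d = directives(text)
    last = lambda name: (d.get(name) or [""])[-1]  # last occurrence wins
    findings = []
    if last("proxyrequests") == "on":
        findings.append("ProxyRequests On: forward proxying is enabled")
    if "from all" not in d.get("deny", []) or "from all" in d.get("allow", []):
        findings.append("<Proxy> access is not default-deny")
    targets = [a.split()[1] for a in d.get("proxypass", []) if len(a.split()) > 1]
    if not targets or any(not t.startswith("https://") for t in targets):
        findings.append("ProxyPass target is not https://")
    if last("sslproxyengine") != "on":
        findings.append("SSLProxyEngine is not on")
    if last("sslproxyverify") != "require":
        findings.append("SSLProxyVerify is not 'require' (default is none)")
    if not d.get("sslproxycacertificatefile"):
        findings.append("SSLProxyCACertificateFile is not set")
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_config(SAMPLE):
        print("FINDING:", finding)
```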