Apache can function as a reverse proxy, forwarding client requests to backend servers and returning their responses, by utilizing the mod_proxy module and its related sub-modules.
A reverse proxy acts as an intermediary for client requests, directing them to one or more internal backend servers. It presents a unified interface to the internet while concealing the internal network architecture. Benefits include enhanced security, load balancing, SSL/TLS termination, caching, and simplified backend management.
Enabling mod_proxy
To configure Apache as a reverse proxy, the core mod_proxy module and specific sub-modules must be enabled. These modules provide different protocol support and features.
Essential modules:
- mod_proxy: The core proxy module.
- mod_proxy_http: For proxying HTTP and HTTPS traffic.
- mod_proxy_balancer: Required for load balancing across multiple backend servers.
- mod_proxy_wstunnel: For WebSocket proxying.
- mod_ssl: If Apache will handle SSL/TLS termination for client connections.
Enable modules using the a2enmod command on Debian/Ubuntu-based systems, or by uncommenting LoadModule directives in httpd.conf on CentOS/RHEL-based systems:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod proxy_wstunnel
sudo a2enmod ssl
sudo systemctl restart apache2
Basic HTTP Reverse Proxy Configuration
The fundamental directives for a reverse proxy are ProxyPass and ProxyPassReverse. Configuration is typically placed within a <VirtualHost> block or directly in httpd.conf.
<VirtualHost *:80>
    ServerName yourdomain.com
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Require all granted
    </Proxy>
    # Proxy all requests for /app to a backend server
    ProxyPass /app http://backend-app-server:8080/app
    ProxyPassReverse /app http://backend-app-server:8080/app
    # Proxy all requests for the root path / to another backend
    ProxyPass / http://backend-web-server:8000/
    ProxyPassReverse / http://backend-web-server:8000/
    # For SSL/TLS termination at Apache, and forwarding HTTP to backend
    # RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
Key Directives
- ProxyRequests Off: This is critical. It disables Apache's forward proxy capabilities, preventing it from acting as an open proxy, which is a significant security risk. For a reverse proxy, this directive should always be set to Off.
- ProxyPreserveHost On: This directive ensures that the original Host header from the client request is passed to the backend server. If Off, the Host header will be set to the hostname and port of the backend server.
- ProxyPass [path] [url]: Maps a local URL path (path) to a backend URL (url). Apache intercepts requests matching path and forwards them to url.
  - Example: ProxyPass /app http://backend-app-server:8080/app means a request to http://yourdomain.com/app/page.html is forwarded to http://backend-app-server:8080/app/page.html.
- ProxyPassReverse [path] [url]: Rewrites Location, Content-Location, and URI headers in HTTP responses from the backend server. This ensures that redirects or links generated by the backend point back to the public-facing proxy URL, preventing clients from being exposed to internal URLs.
- <Proxy *>: Defines access control for the proxy itself. Require all granted permits all clients to use the proxy. For tighter security, specific IP addresses or networks can be allowed.
Advanced mod_proxy Features
Load Balancing
mod_proxy_balancer allows distributing incoming requests across multiple backend servers, enhancing availability and scalability.
<VirtualHost *:80>
    ServerName app.yourdomain.com
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy balancer://mycluster>
        BalancerMember http://backend1.internal:8080 route=1 loadfactor=10
        BalancerMember http://backend2.internal:8080 route=2 loadfactor=10
        # Optional: ProxySet for specific balancer settings
        # (lbmethod=byrequests needs mod_lbmethod_byrequests loaded on Apache 2.4)
        ProxySet lbmethod=byrequests stickysession=JSESSIONID nofailover=Off
        # For session stickiness, the backend must set a cookie like JSESSIONID
    </Proxy>
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
    <Location "/balancer-manager">
        SetHandler balancer-manager
        # Restrict access to internal network
        # (Apache does not allow a comment on the same line as a directive)
        Require ip 192.168.1.0/24
    </Location>
</VirtualHost>
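A small linter for the misconfigurations discussed above (ProxyRequests left On, a ProxyPass with no matching ProxyPassReverse, a balancer-manager handler with no access restriction), added here as an example and not part of the original page or of Apache itself. The audit function, its finding strings and the sample vhost are constructed for illustration, and the Require check is a heuristic rather than a full evaluation of Apache's authorization logic.

```python
# Constructed sample vhost containing the three mistakes audit() looks for.
SAMPLE = """\
<VirtualHost *:80>
    ProxyRequests On
    ProxyPass /app http://backend-app-server:8080/app
    ProxyPass / http://backend-web-server:8000/
    ProxyPassReverse / http://backend-web-server:8000/
    <Location "/balancer-manager">
        SetHandler balancer-manager
    </Location>
</VirtualHost>
"""

def audit(conf):
    """Return sorted (line_number, finding) tuples for an Apache config text."""
    findings, passes, reverses = [], {}, set()
    in_loc, mgr_line, restricted = False, None, False
    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        name, args = tok[0].lower(), [t.strip("\"'").lower() for t in tok[1:]]
        if name == "proxyrequests" and args[:1] == ["on"]:
            findings.append((no, "ProxyRequests On enables forward proxying"))
        elif name == "proxypass" and len(tok) > 2 and tok[2] != "!":
            passes.setdefault(tok[1], no)  # path -> first line that maps it
        elif name == "proxypassreverse" and len(tok) > 1:
            reverses.add(tok[1])
        elif name == "<location":
            in_loc, mgr_line, restricted = True, None, False
        elif in_loc and name == "sethandler" and args[:1] == ["balancer-manager"]:
            mgr_line = no
        elif in_loc and name == "require":
            # Heuristic: any Require other than "all granted" counts as a limit.
            restricted |= args[:2] != ["all", "granted"]
        elif name == "</location>":
            if mgr_line and not restricted:
                findings.append((mgr_line, "balancer-manager is not access-restricted"))
            in_loc = False
    for path, no in passes.items():
        if path not in reverses:
            findings.append((no, f"ProxyPass {path} has no ProxyPassReverse"))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

Run it against each vhost file before reloading Apache; an empty result means none of the three patterns was found, not that the configuration is otherwise safe.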
BalancerMember Attributes
| Attribute | Description