The HTTP Proxy Server functions as a standard HTTP proxy server, usable from the browser or from an application.
By using special plugins, the proxy can modify request and response contents, e.g. to add WS-Security to outgoing web service calls, or to verify the WS-Security signature on responses.
These plugins have full access to the content going both ways, and can modify anything they need.
Note that by design, SSL requests passing through the proxy go through it unmodified and cannot be manipulated, since it would require man-in-the-middle “attacks” on the SSL protocol in order to access the data.
This limitation only exists when the proxy is used as a real HTTP proxy server. To work around it, connect to the proxy as if it were a web server: SSL is then negotiated between the application and the proxy, and again between the proxy and the endpoint, so the data is available in decrypted form to the plugins.
Example of usage as an HTTP proxy:
- Application sends “CONNECT ws.endpoint.com:443 HTTP/1.1\r\n\r\n” to the proxy.
- The proxy establishes a connection to ws.endpoint.com, and then tunnels the data through it.
- The SSL negotiation takes place between the application calling the proxy and ws.endpoint.com directly.
Example of usage as an HTTP server:
- Application connects to the HTTP proxy and negotiates SSL with it.
- Application sends “GET /service HTTP/1.1\r\nHost: ws.endpoint.com\r\n\r\n”.
- The HTTP proxy connects to ws.endpoint.com and all data is available to the plugins.
Note that this requires the application to trust the SSL certificate used by the HTTP proxy server.
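The two usage modes above can be told apart from the first request the client sends. The following is an added example, not code from the proxy itself: `classify_request` and `split_authority` are hypothetical names, and both the plain-HTTP proxy case and the rule that the upstream port defaults to 443 when the client negotiated SSL with the proxy are assumptions.

```python
from urllib.parse import urlsplit


def split_authority(authority, default_port):
    """Split 'host[:port]'; default_port=None means the port is mandatory."""
    host, sep, port = authority.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    if default_port is None:
        raise ValueError("authority needs an explicit port")
    return authority, default_port


def classify_request(head: bytes, client_tls: bool):
    """Return (mode, upstream_host, upstream_port, plugins_see_content).

    head       -- raw request head, up to and including the blank line
    client_tls -- True if the client negotiated SSL with the proxy itself
    """
    lines = head.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()

    if method.upper() == "CONNECT":
        # Proxy mode with SSL: bytes are relayed as-is and the handshake
        # happens end to end, so plugins only ever see ciphertext.
        host, port = split_authority(target, None)
        return ("tunnel", host, port, False)
    if target.startswith("http://"):
        # Proxy mode with plain HTTP (absolute-form target): readable.
        url = urlsplit(target)
        return ("proxy", url.hostname, url.port or 80, True)
    # Origin-form target: the client is treating the proxy as a web server,
    # so the upstream host must come from the Host header.
    if "host" not in headers:
        raise ValueError("origin-form request without a Host header")
    # Assumption: the upstream leg mirrors the client leg (SSL in, SSL out).
    host, port = split_authority(headers["host"], 443 if client_tls else 80)
    return ("server", host, port, True)
```

Only the `tunnel` result leaves content opaque to plugins; the `server` result is the one that depends on the application trusting the proxy's certificate.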