Forward HTTP requests to a private server

Question

We are currently running a web server on AWS and are thinking to add some RESTful APIs. However, these RESTful APIs will have to call 2 of other internal web services. (by internal I meant, 1 sitting on AWS but only accessible by the web server, the other is a server on-premises with a VPN tunnel to this web server)

My question would be, is there a way to just host those RESTful APIs on those 2 internal web servers? Maybe have the client call the public web server and somehow the public web server would forward or pass-through those calls to the 2 internal servers? That way, we won't have to write and host additional web APIs on the public web server.

Thank you!

Answer 1

My solution was to use the Application Request Routing module + IIS URL Rewrite.

E.g. I have (A) http://publicsite.com and (B) http://privatesite.com where (B) hosts my RESTful APIs.

IIS ARR is configured with Reverse Proxy to rewrite http://publicsite.com/Api/* to route to http://privatesite.com/.

Client would then access, e.g., http://publicsite.com/Api/scores, IIS will then rewrite the request to http://privatesite.com/scores.

I have not yet tested this using HTTPS and I honestly do not know the security impact on this setup. Anyone?

Answer 2

your REST API must be public facing.

In my experience, it is best to have 1 exposed API and have all other resources to be handled on the backend of the API in which those external dependencies are on private subnets, so that way you can reduce the potential for security issues.

Public
    - RESTful API, RPC endpoints
    - Websites, etc
--------------------------------------
Private
    - Databases, queues 
    - VPN-tunnelled servers
    - additional servers / external resources