Forward proxies provide a single point through which multiple machines send requests to an
external server. They can enforce security policies, log and analyze requests, and perform other
actions so that requests adhere to your business rules.
Using a forward proxy in Apigee hybrid,
you can intercept and manage all egress traffic from your Kubernetes cluster. This includes API
proxy requests to Target Endpoints and communication with *.googleapis.com that the hybrid
runtime makes for its debug and analytics pipeline and for policies like MessageLogging.
To use an HTTP forward proxy between hybrid and the TargetEndpoint, you must configure
the outbound proxy settings in your overrides file. These environment-scoped properties
route target requests from hybrid to the HTTP forward proxy. You also need to ensure
use.proxy is set to "true" for any TargetEndpoint that you want to go through an HTTP
forward proxy. See the bottom of the page for instructions.
To configure a hybrid environment for forwarding proxying, add
the envs.httpProxy property to your overrides file and apply it to the
cluster. For example:
Forward proxying is configured for an environment; all traffic going from API
proxies in that environment to backend targets goes through the specified HTTP
forward proxy. If the traffic for a
specific target of an API proxy should go directly to the backend target, bypassing the forward
proxy, then set the following property in the TargetEndpoint to override the HTTP forward
proxy:
<Property name="use.proxy">false</Property>
For more information on setting the TargetEndpoint properties, including how to configure
the connection to the target endpoint, see Endpoint properties reference.
Set use.proxy to "true" for any TargetEndpoint that you want to go through
an HTTP forward proxy:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eForward proxies allow multiple machines to send requests to an external server through a single point, enabling security policy enforcement, request logging, and analysis.\u003c/p\u003e\n"],["\u003cp\u003eApigee hybrid allows configuration of a forward proxy that sits between API proxies and an external TargetEndpoint, with specific instructions for hybrid setups, which differ from general Apigee functionality.\u003c/p\u003e\n"],["\u003cp\u003eTo use an HTTP forward proxy in Apigee hybrid, configure the \u003ccode\u003eenvs.httpProxy\u003c/code\u003e property in your overrides file with the proxy's scheme, host, and port, ensuring the scheme is HTTP and in uppercase.\u003c/p\u003e\n"],["\u003cp\u003eForward proxying in Apigee hybrid is environment-specific, and all traffic from API proxies in that environment to backend targets goes through it, unless the \u003ccode\u003euse.proxy\u003c/code\u003e property is set to "false" within a specific TargetEndpoint.\u003c/p\u003e\n"],["\u003cp\u003eTo direct traffic through the HTTP forward proxy for a particular TargetEndpoint, the \u003ccode\u003euse.proxy\u003c/code\u003e property must be set to "true" in the TargetEndpoint configuration.\u003c/p\u003e\n"]]],[],null,["# Configure forward proxying for API proxies\n\n| You are currently viewing version 1.14 of the Apigee hybrid documentation. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n| **Note:** Both Apigee and Apigee hybrid supporta [forward proxy functionality](/apigee/docs/api-platform/fundamentals/environments-overview#forward-proxy). Use the instructions on this page to configure forward proxies for hybrid rather than the general Apigee functionality.\n\nForward proxies provide a single point through which multiple machines send requests to an\nexternal server. They can enforce security policies, log and analyze requests, and perform other\nactions so that requests adhere to your business rules.\n\nUsing a forward proxy in Apigee hybrid,\nyou can intercept and manage all egress traffic from your Kubernetes cluster. This includes API\nproxy requests to Target Endpoints and communication with `*.googleapis.com` that the hybrid\nruntime makes for its debug and analytics pipeline and for policies like [MessageLogging](/apigee/docs/api-platform/reference/policies/message-logging-policy).\n\nTo use an HTTP forward proxy between hybrid and the TargetEndpoint, you must configure\nthe outbound proxy settings in your overrides file. These environment-scoped properties\nroute target requests from hybrid to the HTTP forward proxy. You also need to ensure\n`use.proxy` is set to \"true\" for any TargetEndpoint that you want to go through an HTTP\nforward proxy. See the bottom of the page for instructions.\n\nTo configure a hybrid environment for forwarding proxying, add\nthe [`envs.httpProxy` property](/apigee/docs/hybrid/v1.14/config-prop-ref#envs) to your overrides file and apply it to the\ncluster. For example: \n\n```text\nenvs:\n - name: test\n httpProxy:\n scheme: HTTP\n host: 10.12.0.47\n port: 3128\n ...\n```\n| **NOTE:** The `scheme` must be HTTP and must be uppercase.\n\nFor details on each of the `envs.httpProxy` configuration properties refer to the\n[Configuration property reference](/apigee/docs/hybrid/v1.14/config-prop-ref#envs).\n\nForward proxying is configured for an environment; all traffic going from API\nproxies in that environment to backend targets goes through the specified HTTP\nforward proxy. If the traffic for a\nspecific target of an API proxy should go directly to the backend target, bypassing the forward\nproxy, then set the following property in the TargetEndpoint to override the HTTP forward\nproxy: \n\n```text\n\u003cProperty name=\"use.proxy\"\u003efalse\u003c/Property\u003e\n```\n\nFor more information on setting the TargetEndpoint properties, including how to configure\nthe connection to the target endpoint, see [Endpoint properties reference](/apigee/docs/api-platform/reference/endpoint-properties-reference).\n\nSet `use.proxy` to \"true\" for any TargetEndpoint that you want to go through\nan HTTP forward proxy: \n\n```text\n\u003cProperty name=\"use.proxy\"\u003etrue\u003c/Property\u003e\n```\n| **Important note on external calls:** Configuring non-API proxy forwarding using [`httpProxy`](/apigee/docs/hybrid/v1.14/config-prop-ref#httpproxy) without also setting [`envs.httpProxy`](/apigee/docs/hybrid/v1.14/config-prop-ref#envs) will not apply the proxy configuration to Apigee Runtime's external calls to services like Pub/Sub or other Google Cloud APIs.\n|\n|\n| If you only specify `httpProxy`, you must also ensure that `*.googleapis.com` is allowlisted for your Apigee Runtime pods to enable connectivity to these services."]]
