W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: Reverse Proxy Header Munging

From: Mark Nottingham <mnot@mnot.net>
Date: Sun, 12 Oct 2003 22:58:48 -0700
Cc: ietf-http-wg@w3.org
To: "John C. Mallery" <jcma@ai.mit.edu>
Message-Id: <50219F03-FD42-11D7-BBAD-00039396E15A@mnot.net>

They're X- headers; unofficial, albeit oft-used by reverse proxies (aka 
surrogates, gateways, etc.). X-Forwarded-For is quite common; 
X-Forwarded-Host and -Server are, I assume, to account for multiple 
virtual domains and/or multiple gateways in a farm.

As to its behaviour, everything that happens between a gateway and the 
upstream server is between those parties, more or less. These headers 
are pretty straightforward (although there are some potential security 
issues), but there are other issues brought about by using a HTTP 
gateway that's based on proxy software; e.g., those highlighted in
   http://www.research.att.com/~edith/Papers/HTML/usits01/

Cheers,


On Sunday, October 12, 2003, at 08:36  PM, John C. Mallery wrote:

>
> I'd like to here what people think about the behavior of the current 
> Apache reverse proxy, which rewrites the host header and adds the 
> three x-forwarded-* headers.
>
> What is the status of these x-forwarded-* headers?
>
> Are there some specs to which implementations should adhere, or is 
> this an Apache ideosyncracy
> (bug)?
>
> ------------
> Client Headers for 127.0.0.1 (HTTP/1.1)
>
> :HOST =>  "127.0.0.1" 8000
> :ACCEPT => (:* :*)
> :ACCEPT-LANGUAGE => (:EN-US . 1) (:JA . 0.33) (:EN . 0.67)
> :IF-MODIFIED-SINCE => 3187296000
> :USER-AGENT => "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) 
> AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5"
> :X-FORWARDED-FOR => "10.1.1.3"
> :X-FORWARDED-HOST => "my.host.com:443"
> :X-FORWARDED-SERVER => "localhost.localdomain"
> :CONNECTION => :CLOSE
Received on Monday, 13 October 2003 01:58:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT