- From: Mark Nottingham <mnot@mnot.net>
- Date: Sun, 12 Oct 2003 22:58:48 -0700
- To: "John C. Mallery" <jcma@ai.mit.edu>
- Cc: ietf-http-wg@w3.org
They're X- headers; unofficial, albeit oft-used by reverse proxies (aka surrogates, gateways, etc.). X-Forwarded-For is quite common; X-Forwarded-Host and -Server are, I assume, to account for multiple virtual domains and/or multiple gateways in a farm. As to its behaviour, everything that happens between a gateway and the upstream server is between those parties, more or less. These headers are pretty straightforward (although there are some potential security issues), but there are other issues brought about by using a HTTP gateway that's based on proxy software; e.g., those highlighted in http://www.research.att.com/~edith/Papers/HTML/usits01/ Cheers, On Sunday, October 12, 2003, at 08:36 PM, John C. Mallery wrote: > > I'd like to here what people think about the behavior of the current > Apache reverse proxy, which rewrites the host header and adds the > three x-forwarded-* headers. > > What is the status of these x-forwarded-* headers? > > Are there some specs to which implementations should adhere, or is > this an Apache ideosyncracy > (bug)? > > ------------ > Client Headers for 127.0.0.1 (HTTP/1.1) > > :HOST => "127.0.0.1" 8000 > :ACCEPT => (:* :*) > :ACCEPT-LANGUAGE => (:EN-US . 1) (:JA . 0.33) (:EN . 0.67) > :IF-MODIFIED-SINCE => 3187296000 > :USER-AGENT => "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) > AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5" > :X-FORWARDED-FOR => "10.1.1.3" > :X-FORWARDED-HOST => "my.host.com:443" > :X-FORWARDED-SERVER => "localhost.localdomain" > :CONNECTION => :CLOSE
Received on Monday, 13 October 2003 01:58:51 UTC