Bug 61234

Summary: Add X-Forwarded-Proto to backend requests
Product: Apache httpd-2 Reporter: Christian Schmidt <bz.apache.org>
Component: mod_proxyAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal CC: michaelo, minfrin, ylavic.dev
Priority: P2 Keywords: PatchAvailable
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Add X-Forwarded-Proto

Description Christian Schmidt 2017-06-28 22:26:26 UTC
Created attachment 35088 [details]
Add X-Forwarded-Proto

In order for backends behind a reverse proxy to reconstruct the original URL requested by the client, mod_proxy needs to pass along not only the Host header (in X-Forwarded-Host) but also the scheme.

With more and more websites adopting https, this is becoming increasingly important.

The de-facto standard header for this purpose is X-Forwarded-Proto. Other variants exist, but this seems to be the predominant name.

The header can be added manually with RequestHeader, but I think it should be added automatically together with the other X-Forwarded-* headers when enabled.

The attached patch adds this feature. I am completely new to Apache httpd development, so please help me get it right.

An alternative to adding support for X-Forwarded-Proto is to support the Forwarded header specified in RFC 7239 (bug #58001). However, I believe both solutions can coexist.
Comment 1 best 2017-06-29 11:49:13 UTC
Nice patch. We would like to have this feature as well.
A current workaround could look like:

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

Even better would be to support the Forwarded header (https://tools.ietf.org/html/rfc7239).
Comment 2 best 2017-06-29 11:50:44 UTC
See also: https://bz.apache.org/bugzilla/show_bug.cgi?id=58001
Comment 3 Michael Osipov 2019-02-21 13:13:53 UTC
I'd like to see this too, it is just another wasted line in the httpd.conf.
Comment 4 Michael Osipov 2019-05-28 07:29:43 UTC
Can some committer take a look at it? This change is trivial.
Comment 5 Michael Osipov 2020-04-02 12:25:03 UTC
Graham,

can you take a look? I ran rework the patch to a PR against trunk and 2.4.x.