Bug 61234 - Add X-Forwarded-Proto to backend requests
Summary: Add X-Forwarded-Proto to backend requests
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy (show other bugs)
Version: 2.5-HEAD
Hardware: All All
: P2 normal with 2 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2017-06-28 22:26 UTC by Christian Schmidt
Modified: 2020-04-02 12:25 UTC (History)
3 users (show)



Attachments
Add X-Forwarded-Proto (4.45 KB, patch)
2017-06-28 22:26 UTC, Christian Schmidt
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Schmidt 2017-06-28 22:26:26 UTC
Created attachment 35088 [details]
Add X-Forwarded-Proto

In order for backends behind a reverse proxy to reconstruct the original URL requested by the client, mod_proxy needs to pass along not only the Host header (in X-Forwarded-Host) but also the scheme.

With more and more websites adopting https, this is becoming increasingly important.

The de-facto standard header for this purpose is X-Forwarded-Proto. Other variants exist, but this seems to be the predominant name.

The header can be added manually with RequestHeader, but I think it should be added automatically together with the other X-Forwarded-* headers when enabled.

The attached patch adds this feature. I am completely new to Apache httpd development, so please help me get it right.

An alternative to adding support for X-Forwarded-Proto is to support the Forwarded header specified in RFC 7239 (bug #58001). However, I believe both solutions can coexist.
Comment 1 best 2017-06-29 11:49:13 UTC
Nice patch. We would like to have this feature as well.
A current workaround could look like:

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

Even better would be to support the Forwarded header (https://tools.ietf.org/html/rfc7239).
Comment 2 best 2017-06-29 11:50:44 UTC
See also: https://bz.apache.org/bugzilla/show_bug.cgi?id=58001
Comment 3 Michael Osipov 2019-02-21 13:13:53 UTC
I'd like to see this too, it is just another wasted line in the httpd.conf.
Comment 4 Michael Osipov 2019-05-28 07:29:43 UTC
Can some committer take a look at it? This change is trivial.
Comment 5 Michael Osipov 2020-04-02 12:25:03 UTC
Graham,

can you take a look? I ran rework the patch to a PR against trunk and 2.4.x.