https - What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

Question

Welcome To Ask or Share your Answers For Others

https - What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

1 Answer

深蓝 · Answer 1 · 2021-10-17T00:58:22+0000

The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end.

So far I've seen a couple used for forcing the use of https in URL scheme:

X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https

And wikipedia also mentions:

# a de facto standard:
X-Forwarded-Proto: https
# Non-standard header used by Microsoft applications and load-balancers:
Front-End-Https: on

This what you should add to the VirtualHost on apache: other proxies should have similar functionality

RequestHeader set X-FORWARDED-PROTOCOL https
RequestHeader set X-Forwarded-Ssl on
# etc.

I think it's best to set them all, or set one that works and remove the other known ones. To prevent evil clients messing with them.

Categories

https - What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

https - What's the de facto standard for a Reverse Proxy to tell the backend SSL is used?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags