Setting X-Forwarded-Proto under Apache 2.4
Solution 1
It's correct to set this directive like
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
If it doesn't work, you may need to install and enable the module mod_headers
.
Solution 2
Those response headers you are seeing look fine. You should not expect to the X-Forwarded-Proto
header in them.
As you state, that header is set when the request is proxied to the back end. To see that header, you would have to have your backend code look for it and log the value.
It appears that you are setting the header correctly.
Related videos on Youtube
Comments
-
codecowboy almost 2 years
Ive been advised that I need to set the
RequestHeader X-Forwarded-Proto
for anode.js
application (NodeBB) to resolve an issue with sessions / csrf tokens.Here's the relevant excerpt from my apache2 config:
ProxyRequests off <Proxy *> Order allow,deny Allow from all </Proxy> RewriteEngine On RewriteCond %{REQUEST_URI} ^/socket.io [NC] RewriteCond %{QUERY_STRING} transport=websocket [NC] RewriteRule /(.*) ws://127.0.0.1:4566/$1 [P,L] RequestHeader set X-Forwarded-Proto "http" ProxyPass / http://127.0.0.1:4566/ ProxyPassReverse / http://127.0.0.1:4566/
Apache version is 2.4.7
through a debugging proxy I can see the following headers in the response
HTTP/1.1 200 OK Date: Wed, 03 Aug 2016 06:55:15 GMT Server: Apache X-Powered-By: Express X-Frame-Options: SAMEORIGIN Access-Control-Allow-Origin: null Content-Type: text/html; charset=utf-8 ETag: W/"3626-ETnKpHnKC8ul87CmR6NFUg" Vary: Accept-Encoding Content-Encoding: gzip set-cookie: express.sid=s%3AYq3UdEAd4Cbwhc4-pMTrqqEp8ftUDeiu.CdipRmQptJlhnUG8ZhCSYgq%2FpCR0Kdmqx3Lrm5ABiSc; Domain=removed.com; Path=/; Expires=Wed, 17 Aug 2016 06:55:15 GMT; HttpOnly Cache-Control: max-age=0, no-store Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Transfer-Encoding: chunked
I think that is coming from Express js i.e. the node app but my understanding is that the Apache proxy directives should be passing a request header TO express so I'm not sure if I should also see the
X-Forwarded-Proto
header in the response too.-
MrWhite almost 8 years...I assume the problem is that the request header does not appear to being set? What version of Apache are you using?
-
codecowboy almost 8 yearsi think so but haven't managed to prove that yet
-
codecowboy almost 8 yearsupdated question with apache version.
-
-
Stephen Ostermiller almost 7 yearsA code only answer is not very high quality. Please edit your answer to explain the code. How and why does it answer the question? Link to any relevant documentation.
-
BrunoJCM almost 6 yearsJust watch which version of Apache 2.4 are you running.. Some very early ones from 2.4.x branch (common in RH7 and Ubuntu) don't support
expr
yet, so you'll probably need to set constant values. -
jpep1 over 5 yearsHad to remove the quotation marks from
"X-Forwarded-Proto"
resp."X-Forwarded-SSL"
to get it to work …