handling x_forwarded_proto with Nginx as backend to HAproxy

Francis Daly francis at daoine.org
Tue Apr 16 08:12:40 UTC 2013

On Tue, Apr 16, 2013 at 02:06:30AM +0400, Maxim Dounin wrote:
> On Mon, Apr 15, 2013 at 10:42:30PM +0100, Francis Daly wrote:
> > On Mon, Apr 15, 2013 at 05:35:27PM -0400, jaychris wrote:

Hi there,

> > > client sent invalid header line: "X_FORWARDED_PROTO: http" while reading
> > > client request headers,
> > 
> > "_" is not a valid character in a http header.

> Strictly speaking, "_" isn't invalid, but it's not something nginx 
> allows by default due to security problems it might create - as 
> it's indistinguishable from "-" in CGI-like headers 
> representation.

Oh, thanks for the correction. I learn something new every day.

(RFC 2616 and its definition of "token", which allows 78 characters,
if I count right. I don't know if there's a beyond-ASCII update to extend
that, but it shouldn't restrict it further.)


Francis Daly        francis at daoine.org

More information about the nginx mailing list