handling x_forwarded_proto with Nginx as backend to HAproxy
Maxim Dounin
mdounin at mdounin.ru
Mon Apr 15 22:06:30 UTC 2013
Hello!
On Mon, Apr 15, 2013 at 10:42:30PM +0100, Francis Daly wrote:
> On Mon, Apr 15, 2013 at 05:35:27PM -0400, jaychris wrote:
>
> Hi there,
>
> > I was using the X_FORWARDED_PROTO header to make some decisions on the
> > backend when I was using Apache, but it doesn't look like Nginx is handling
> > the header currently:
> >
> > client sent invalid header line: "X_FORWARDED_PROTO: http" while reading
> > client request headers,
>
> "_" is not a valid character in a http header.
>
> http://nginx.org/r/ignore_invalid_headers or maybe
> http://nginx.org/r/underscores_in_headers
Strictly speaking, "_" isn't invalid, but it's not something nginx
allows by default due to security problems it might create - as
it's indistinguishable from "-" in CGI-like headers
representation.
It is possible to allow the header in question using directives
mentioned, but better solution would be to use X-Forwarded-Proto
rather than X_FORWARDED_PROTO.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list