handling x_forwarded_proto with Nginx as backend to HAproxy

Maxim Dounin mdounin at mdounin.ru
Mon Apr 15 22:06:30 UTC 2013


Hello!

On Mon, Apr 15, 2013 at 10:42:30PM +0100, Francis Daly wrote:

> On Mon, Apr 15, 2013 at 05:35:27PM -0400, jaychris wrote:
> 
> Hi there,
> 
> >  I was using the X_FORWARDED_PROTO header to make some decisions on the
> > backend when I was using Apache, but it doesn't look like Nginx is handling
> > the header currently:
> > 
> > client sent invalid header line: "X_FORWARDED_PROTO: http" while reading
> > client request headers,
> 
> "_" is not a valid character in a http header.
> 
> http://nginx.org/r/ignore_invalid_headers or maybe
> http://nginx.org/r/underscores_in_headers

Strictly speaking, "_" isn't invalid, but it's not something nginx 
allows by default due to security problems it might create - as 
it's indistinguishable from "-" in CGI-like headers 
representation.

It is possible to allow the header in question using directives 
mentioned, but better solution would be to use X-Forwarded-Proto 
rather than X_FORWARDED_PROTO.

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx mailing list