4 messages in ru.sysoev.nginxRe: Reverse Proxy Load Balancing - pr...| From | Sent On | Attachments |
|---|---|---|
| Dustin Kanske | Mar 9, 2007 3:13 pm | |
| Igor Sysoev | Mar 9, 2007 10:42 pm | |
| Dustin Kanske | Mar 16, 2007 5:42 pm | |
| Igor Sysoev | Mar 31, 2007 1:42 pm |
| Subject: | Re: Reverse Proxy Load Balancing - proxy_set_header | |
|---|---|---|
| From: | Igor Sysoev (is-G...@public.gmane.org) | |
| Date: | Mar 31, 2007 1:42:53 pm | |
| List: | ru.sysoev.nginx | |
On Fri, Mar 16, 2007 at 02:43:08PM -1000, Dustin Kanske wrote:
On Mar 9, 2007, at 8:42 PM, Igor Sysoev wrote:
On Fri, Mar 09, 2007 at 01:13:42PM -1000, Dustin Kanske wrote:
In my nginx config I am attempting to set the values of two request headers using the following configuration:
location / { proxy_set_header X_FORWARDED_PROTO http; proxy_set_header X_SSL_VERIFIED false; }
The goal is to ignore whatever the client sets for these headers, and to pass our defined values on to the upstream cluster.
It appears that these values only get set if the client leaves them out of the request. If the client sets X_SSL_VERIFIED to true, the backend application sees 'true'.
I wanted to clarify that this is the expected behavior and that proxy_set_header cannot be used to override the request header values that a client sets. If this is the case, is there any way to accomplish this?
No, proxy_set_header always resets any client header. Are you shure that you do not mix X_SSL_VERIFIED and X-SSL-VERIFIED ?
Hi Igor,
It appears to be the case that our application was rewriting the dashes to underscores. What really needed to be in nginx was:
location / { proxy_set_header X-FORWARDED-PROTO http; proxy_set_header X-SSL-VERIFIED false; }
What appeared to be happening was that nginx was always setting X_SSL_VERIFIED false, but the users were passing in X-SSL-VERIFIED true, both being in the headers. The application would then change the dashes to underscores and use the 'true' one.
The X_SSL_VERIFIED is invalid header name and nginx by default ignores it and it never goes to backend. But if you set "ignore_invalid_headers off", then such headers may go to the backend, if not overridden.
Could you make a debug log ?
-- Igor Sysoev http://sysoev.ru/en/