On 5/24/22 12:30, Joakim Erdfelt wrote:
If you are going to use the ForwardedRequestCustomizer do yourself a favor and _only use the RFC 7239 mode_.

Do not use the X-Forwarded-* headers; they are a giant mess of conflicting behaviors and rules with no standardization behind them. Big players interpret the headers differently (Google vs. AWS vs. Azure vs. haproxy, etc.).

Only use the `Forwarded` header, per the https://tools.ietf.org/html/rfc7239 spec.
You'll eliminate so many support issues just by doing this.


Very cool!  I had to look that up.  Nice that there is a true standard for proxy headers.  I turned off the X-Forwarded-For header for that frontend and changed the line in the haproxy config adding X-Forwarded-Proto to this and it still works:

http-request add-header Forwarded "for=\"%[src]\"; proto=https"

The info I found about using that RFC with haproxy had the proto setting referencing a variable, but that didn't work.  Had to hardcode it to https.  Which is OK, as the frontend only does https.

Thanks,
Shawn
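
The following is an added example, not part of the thread and not Jetty or haproxy code. haproxy's `add-header` appends a field instead of replacing one the client may already have sent, so a backend can receive several `Forwarded` elements; this sketch parses them and keeps only the element written by the nearest proxy. The function names and sample addresses are constructed for illustration.

```python
import re

def _split(text, sep):
    """Split on sep, ignoring separators that sit inside a quoted-string."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in text:
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_forwarded(field_values):
    """Parse Forwarded field values (in arrival order) into dicts, oldest hop first."""
    elements = []
    for value in field_values:
        for element in _split(value, ","):
            params = {}
            for pair in _split(element, ";"):  # tolerates the "; " spacing used above
                name, eq, raw = pair.partition("=")
                name, raw = name.strip().lower(), raw.strip()
                if not eq or not name or name in params:
                    raise ValueError(f"malformed or duplicate parameter: {pair!r}")
                if raw.startswith('"'):
                    if len(raw) < 2 or not raw.endswith('"'):
                        raise ValueError(f"unterminated quoted-string: {pair!r}")
                    raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo quoted-pair escapes
                params[name] = raw
            elements.append(params)
    return elements

def proxy_element(field_values, trusted_hops=1):
    """Return the element appended by the trusted proxy trusted_hops from the backend."""
    elements = parse_forwarded(field_values)
    if len(elements) < trusted_hops:
        raise ValueError("fewer Forwarded elements than trusted proxies")
    return elements[-trusted_hops]  # everything to the left is client-controlled

if __name__ == "__main__":
    # Constructed sample: first field sent by the client, second appended by the proxy.
    received = ["for=10.0.0.1;proto=http", 'for="198.51.100.23"; proto=https']
    print(proxy_element(received))
```

With a single proxy in front of the backend, `trusted_hops=1` selects the element that proxy wrote, regardless of what the client put in its own `Forwarded` field.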
