X-Forwarded-Proto


X-Forwarded-Proto HTTP Header: What You Need to Know

The X-Forwarded-Proto HTTP header is a de-facto standard header used to identify the protocol (HTTP or HTTPS) that a client used to connect to a proxy or load balancer. It is an important header field that lets a backend server learn which protocol was used between the client and the load balancer. The header is not part of the HTTP/1.1 standard, but it is widely used by web servers and proxies.

The X-Forwarded-Proto header is particularly useful in load-balanced environments where SSL termination occurs at the load balancer. In this scenario, the client connects to the load balancer over HTTPS, but the connection between the load balancer and the server is over HTTP. Without the X-Forwarded-Proto header, the server would not know that the client had connected over HTTPS, and would treat the request as an HTTP request. This can cause issues with redirects, cookies, and other aspects of web applications that rely on the protocol being used.

What Is the X-Forwarded-Proto HTTP Header?

Definition

The X-Forwarded-Proto (XFP) HTTP header is a de-facto standard header used to identify the protocol (HTTP or HTTPS) that a client used to connect to a proxy server or load balancer. It is a non-standard header, meaning it is not defined by the HTTP/1.1 specification, but it is widely used in practice.

When a client connects to a server through a proxy server or load balancer, the server access logs only contain the protocol used between the server and the proxy or load balancer, but not the protocol used between the client and the proxy or load balancer. This is where the XFP header comes in handy. It allows the server to know whether the client used HTTP or HTTPS to connect to the proxy or load balancer, which can be useful for various purposes, such as redirecting the client to the correct protocol-specific URL.

How It Works

The XFP header is typically set by the proxy server or load balancer in the request it forwards to the server. The header value is set to either “http” or “https”, depending on the protocol the client used to connect to the proxy or load balancer. Here’s an example of how the XFP header might look in an HTTP request:

GET / HTTP/1.1
Host: example.com
X-Forwarded-Proto: https

In this example, the client used HTTPS to connect to the proxy or load balancer, and the XFP header value is set to “https” to indicate this.

It’s worth noting that the XFP header is not a security feature, and it can be easily spoofed by a malicious client. Therefore, it should not be relied upon for authentication or authorization purposes.
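The spoofing concern above is what a backend has to design around: it should honour X-Forwarded-Proto only when the request really arrived from its load balancer. The following is an added example, not code from the original article, showing how a backend behind an SSL-terminating load balancer derives the client's scheme and then uses it for the HTTPS redirect and cookie decisions mentioned earlier; the trusted-proxy range, the function names and the header dictionaries are assumptions.

```python
import ipaddress

# Constructed sample: the address range your load balancer connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def effective_scheme(headers: dict, peer_ip: str, connection_scheme: str = "http") -> str:
    """Return the scheme ('http' or 'https') the original client used.

    X-Forwarded-Proto is honoured only when the TCP peer is a trusted proxy;
    anything else falls back to the scheme of the direct connection, so a
    client talking to the backend directly cannot claim it used HTTPS.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return connection_scheme
    # Header names are case-insensitive; chained proxies may append values
    # ("https, http"), and the left-most one is the client's original scheme.
    value = next((v for k, v in headers.items() if k.lower() == "x-forwarded-proto"), "")
    first = value.split(",")[0].strip().lower()
    return first if first in ("http", "https") else connection_scheme

def https_redirect(headers: dict, peer_ip: str, host: str, path: str):
    """Location for an HTTP-to-HTTPS upgrade redirect, or None if already HTTPS.

    Deciding this from the backend's own socket instead of the forwarded
    scheme would redirect every request forever, because the load balancer
    always talks plain HTTP to the backend.
    """
    if effective_scheme(headers, peer_ip) == "https":
        return None
    return f"https://{host}{path}"

def session_cookie(name: str, value: str, headers: dict, peer_ip: str) -> str:
    """Set-Cookie value carrying the Secure flag only when the client used HTTPS."""
    attrs = [f"{name}={value}", "HttpOnly", "SameSite=Lax", "Path=/"]
    if effective_scheme(headers, peer_ip) == "https":
        attrs.append("Secure")
    return "; ".join(attrs)
```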

Troubleshooting

If you’re having issues with the XFP header not being set correctly, there are a few things you can check:

  • Make sure that your proxy server or load balancer is configured to set the XFP header correctly.
  • Check your server access logs to see if the XFP header is being set correctly by the proxy server or load balancer.
  • If you’re using a CDN, make sure that it is passing through the XFP header correctly.
  • If you’re using a web application firewall (WAF), make sure that it is not stripping the XFP header.

By following these troubleshooting steps, you should be able to identify and fix any issues with the XFP header.

Why Is the X-Forwarded-Proto HTTP Header Important?

The X-Forwarded-Proto HTTP header is an essential part of HTTP communication. It is used to identify the protocol (HTTP or HTTPS) that a client used to connect to a proxy or load balancer. Here are some reasons why this header is important:

Benefits

  • Security: The X-Forwarded-Proto header can help prevent man-in-the-middle attacks by ensuring that the client and server are communicating over a secure protocol.
  • Performance: By identifying the protocol used between the client and the load balancer, the server can optimize its response and reduce latency.
  • Flexibility: The header can be used with any load balancer or proxy that supports it, providing a standardized way to communicate the protocol used.

Use Cases

  • Load Balancing: Load balancers can use the X-Forwarded-Proto header to identify the protocol used by the client and route the request to the appropriate server.
  • Reverse Proxies: Reverse proxies can use the header to communicate the protocol used by the client to the back-end server.
  • CDNs: Content delivery networks can use the header to ensure that the client is served content over the correct protocol.

While the X-Forwarded-Proto header is not part of the HTTP standard, it is widely used and supported by many popular web servers and proxies. Several non-standard alternatives convey the same information, including Microsoft’s Front-End-Https, X-Forwarded-Protocol, X-Forwarded-Ssl, and X-Url-Scheme. Load balancers and proxies can add the header to the request and forward it to the server, allowing the server to determine the protocol used by the client.

How to Set X-Forwarded-Proto HTTP Header

When using a load balancer to distribute traffic across multiple servers, it is important to have a way to determine the protocol used between the client and the load balancer. The X-Forwarded-Proto HTTP header provides a solution to this problem. In this section, we will discuss how to configure the X-Forwarded-Proto HTTP header.

Configuration Steps

To configure the X-Forwarded-Proto HTTP header, follow these steps:

  1. Determine the protocol used between the client and the load balancer. This can be either HTTP or HTTPS.
  2. Set the X-Forwarded-Proto HTTP header to the protocol used between the client and the load balancer. The header should be set to either “http” or “https”, depending on the protocol used.
  3. Ensure that the X-Forwarded-Proto HTTP header is passed on to the backend servers. This can be done by configuring the load balancer to include the header in the requests sent to the backend servers.

It is important to note that the X-Forwarded-Proto HTTP header should only be set by the load balancer, and not by the backend servers. This ensures that the header accurately reflects the protocol used between the client and the load balancer.

Elastic Load Balancing

If you are using Elastic Load Balancing (ELB) to distribute traffic across multiple servers, you can configure the X-Forwarded-Proto HTTP header using the following steps:

  1. Open the ELB console and select your load balancer.
  2. Click on the “Listeners” tab and then click on the “Edit” button for the listener you want to configure.
  3. In the “Advanced” section, select the appropriate value for the “Protocol” field. This should be either “HTTP” or “HTTPS”.
  4. In the “HTTP Headers” section, select the “Add” button and add a new header called “X-Forwarded-Proto”. Set the value of the header to either “http” or “https”, depending on the protocol used.
  5. Click on the “Save” button to save your changes.

X-Forwarded-Prefix

If you are using X-Forwarded-Prefix to specify a prefix for your application, you should also set the X-Forwarded-Proto header. This ensures that your application correctly detects the protocol used between the client and the load balancer.

Client IP Addresses

When using the X-Forwarded-Proto HTTP header, it is also important to consider the X-Forwarded-For HTTP header. This header is used to identify the IP address of the client, and is particularly important when using a load balancer.

X-Forwarded-Port

In addition to the X-Forwarded-Proto HTTP header, you may also need to consider the X-Forwarded-Port HTTP header. This header is used to specify the port number used by the client to connect to the load balancer.
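As an added example (not the article's own code) covering both the configuration steps above and the X-Forwarded-For and X-Forwarded-Port headers, here is the logic a load balancer applies when it builds the headers it forwards to the backend: it discards whatever forwarding headers the client supplied and sets them from the connection it actually observed, chaining onto incoming values only when the previous hop is a trusted proxy. The function name, the header dictionaries and the sample addresses are constructed assumptions.

```python
# Header names this proxy owns; copies arriving from the client are discarded.
_FORWARDING = {"x-forwarded-proto", "x-forwarded-for", "x-forwarded-port", "x-forwarded-host"}

def build_backend_headers(client_headers: dict, inbound_tls: bool, client_ip: str,
                          server_port: int, upstream_trusted: bool = False) -> dict:
    """Headers the proxy sends to the backend for one request.

    Forwarding headers are rebuilt from what the proxy observed on the inbound
    connection (TLS or not, peer address, listening port). They are chained
    onto incoming values only when the previous hop is a trusted proxy of ours.
    """
    lower = {k.lower(): v for k, v in client_headers.items()}
    # Everything else (Host, Cookie, ...) passes through unchanged.
    out = {k: v for k, v in client_headers.items() if k.lower() not in _FORWARDING}
    prior_proto = lower.get("x-forwarded-proto", "").strip().lower()
    prior_for = lower.get("x-forwarded-for", "").strip()
    prior_port = lower.get("x-forwarded-port", "").strip()
    if upstream_trusted and prior_proto in ("http", "https"):
        # A trusted upstream proxy terminated TLS before us: keep its value.
        out["X-Forwarded-Proto"] = prior_proto
    else:
        out["X-Forwarded-Proto"] = "https" if inbound_tls else "http"
    # X-Forwarded-For grows by one address per trusted hop; an untrusted
    # client's claimed list is dropped so it cannot forge its origin.
    out["X-Forwarded-For"] = (f"{prior_for}, {client_ip}"
                              if upstream_trusted and prior_for else client_ip)
    out["X-Forwarded-Port"] = (prior_port if upstream_trusted and prior_port.isdigit()
                               else str(server_port))
    if "host" in lower:
        out["X-Forwarded-Host"] = lower["host"]
    return out
```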

Other Proxy HTTP Headers

  • Forwarded
  • X-Forwarded-For
  • X-Forwarded-Host
  • Via