- X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port
- Forwarded (params: for, by, proto)
- Via
- X-Real-IP
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
- X-Forwarded-For: appends
- X-Forwarded-Proto: stripped
For TCP load balancing, client address is preserved so no headers are modified. For application-level load balancing, headers are added.
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html
- X-Forwarded-For: appends
- X-Forwarded-Proto: add or append (unclear)
- X-Forwarded-Port: add or append (unclear)
https://forums.aws.amazon.com/thread.jspa?messageID=738145
Application Load Balancer does pass "x-forwarded-for/x-forwarded-proto/x-forwarded-port" information with the request.
https://nghttp2.org/documentation/nghttpx.1.html
Highly configurable.
- X-Forwarded-For: append, strip or ignore (obfuscated by default)
- X-Forwarded-Proto: add or append (unclear) (obfuscated by default)
- Forwarded: append, strip, etc (obfuscated)
- Via: append, ignore, etc
http://nginx.org/en/docs/http/ngx_http_realip_module.html
- X-Forwarded-For: append, replace, rewrite with trusted, etc
- X-Real-IP: ???
- X-Forwarded-For: append, scriptable
- X-Forwarded-Port: scriptable (append or replace)
- X-Forwarded-Proto: scriptable (append or replace)
- X-Forwarded-For: set or appended (unclear)
- X-Forwarded-Proto: set (unclear if actually supported, mentioned some places but not in official support article)
- CF-Connecting-IP: set
- Cf-Visitor: set with JSON structure containing protocol
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
- X-Forwarded-For: append
- X-Forwarded-Host: append
- X-Forwarded-Proto: append
https://cloud.google.com/compute/docs/load-balancing/http/
- Via: add or append (unclear)
- X-Forwarded-Proto: set (probably doesn't append)
- X-Forwarded-For: appends
No header modifications?
- https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-option%20forwardfor
- http://www.serverphorums.com/read.php?10,357873
Adds new X-Forwarded-For header to the end of the first request. Need to tell it to close the connection to the backend server on every request to force the header into every request. Doesn't add X-Forwarded-Proto, etc unless set manually, e.g. http-request add-header X-Forwarded-Proto https if { ssl_fc }.
- http://blog.haproxy.com/2012/06/05/preserve-source-ip-address-despite-reverse-proxies/
- http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
The problem appears when haproxy runs with keep-alive on the side towards the client. The Stunnel patch will only add the X-Forwarded-For header to the first request of each connection and all subsequent requests will not have it. One solution could be to improve the patch to make it support keep-alive and parse all forwarded data, whether they're announced with a Content-Length or with a Transfer-Encoding, taking care of special methods such as HEAD which announce data without transferring them, etc... In fact, it would require implementing a full HTTP stack in Stunnel. It would then become a lot more complex, a lot less reliable and would not anymore be the "dumb proxy" that fits every purpose.
https://www.playframework.com/documentation/2.5.x/HTTPServer#Configuring-trusted-proxies
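Because most of the proxies above append to X-Forwarded-For rather than replace it, the leftmost entries are whatever the client sent. The following is an added example, not code from any of the projects listed: it resolves the client address by walking the list from the right and skipping trusted proxies. The names `TRUSTED_PROXIES`, `is_trusted` and `client_ip` and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed example: networks of the proxies we operate (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_headers):
    """Resolve the client address from the TCP peer and X-Forwarded-For lines.

    peer_addr:   address of the socket peer (the only unforgeable hop)
    xff_headers: every X-Forwarded-For header line, in the order received
    """
    # A direct connection from an untrusted peer: ignore the header entirely.
    if not is_trusted(peer_addr):
        return peer_addr
    # Multiple header lines are equivalent to one comma-joined list.
    hops = [h.strip() for line in xff_headers for h in line.split(",") if h.strip()]
    # Walk from the nearest hop outward; the first hop that is not one of our
    # proxies was appended by a trusted proxy, so it is the best client address.
    for hop in reversed(hops):
        if not is_trusted(hop):
            # Reject garbage rather than returning client-chosen text.
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_addr
    # Header missing or only trusted hops, e.g. the keep-alive case above,
    # where later requests on a connection arrive without the header.
    return hops[0] if hops else peer_addr
```
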