Implementing Secure Proxy's HTTP proxying capabilities
This section describes IBM Secure Proxy’s enhanced http proxying capabilities, that allow Secure Proxy to pass requests off to backend http servers for further processing.
IBM Secure Proxy now also includes HTTP host header and client IP address in requests it forwards to the back-end servers to ensure source IP address (of Client) is made available to the backend servers.
Secure Proxy implements this feature in the following two ways:
- HTTP host header is forwarded in the Forwarded header
hostfield and X-Forwarded-host header. - Client IP address is forwarded in the Forwarded header
forfield and X-Forwarded-For header.
The following section describes how secure proxy adapter adjusts or sets the headers to render Secure Proxy’s proxying capabilities:
Forwarded header
The
for, host, by fields in this header value are determined and updated by the
Http Proxy Adapter as follows:- The
forparameter value is set to the client IP address as determined by the TCP connection. - The
byparameter value is set to the host name or IP address as derived from Fully Qualified Domain Name (FQDN) in the SSO properties. If SSO is not configured, the host name or IP value is derived from adapter propertyproxy.host.name.or.ip. The host parameter is updated with the host header value received from the client - The host parameter value is used in the context of PEM systems and also by servers on the back-end needing to access the actual client IP address.
X-Forwarded-For header
- The
X-Forwarded-Forheader value is set to the for parameter value as derived in Forwarded header in step 1. - This accommodates Servers that may not be processed by the Forwarded header.
X-Forwarded-Host
- The
X-Forwarded-Hostheader value is set to the host parameter value as derived in Forwarded header in step 1. - This accommodates Servers that may not be processed by the Forwarded header.