2

Can someone explain what the "X-Forwarded-Proto2" header is in this HAProxy frontend stanza?:

frontend main *:443
  ...
  reqirep ^(X-Forwarded-Proto:)(.*) X-Forwarded-Proto2:\2
  ...

I understand that HAProxy is injecting a HTTP header. But why is there a 2 at the end of the new string? I'm referring to the number "2" at the end of the header, not the regex backreference.

blindsnowmobile
  • 347
  • 5
  • 15
  • Where did you see this? It looks as if somebody wanted to rename the header `X-Forwarded-Proto:` to `X-Forwarded-Proto2:` for... whatever reason. That's what this would do. – Michael - sqlbot Jun 06 '16 at 22:47
  • On a server that acts as a proxy to a java application. I wasn't sure what to make of it at first, but I think it has something to do with the fact that we have multiple levels of proxying taking place. – blindsnowmobile Jun 08 '16 at 00:05
  • 1
    Possibly added by someone who didn't understand how `X-Forwarded-For:` is supposed to work -- each intermediate proxy appends the incoming address on the end, so you read right-to-left, removing addresses of machines you trust, stopping at the first address (from the right) that's not one of yours. Maybe you have a component that chokes on longish but valid values. (I ran into a system once that blew up of the XFF was > 45 bytes. Naïve coding at its finest, since 3 IP addresses only worked if not all the octets were 3 digits each. Yuck.) But there's no standard reason for this config. – Michael - sqlbot Jun 08 '16 at 04:15

0 Answers0