Configuring the Software for Deployment Behind a Web Proxy

Description: When deploying our product behind a web proxy, certain configurations may be required to ensure proper operation, particularly in generating fully qualified URLs that point back to our application.

Categories: Search Appliance, Webinator

Link to this article: Select all

[url=https://forums.thunderstone.com/app.php/kb/viewarticle?a=4&sid=65768cf9f29ac20d4992a98e5a1f6d12]Knowledge Base - Configuring the Software for Deployment Behind a Web Proxy[/url]

When deploying our product behind a web proxy, certain configurations may be required to ensure proper operation, particularly in generating fully qualified URLs that point back to our application.

Transparent Proxies

If the proxy is completely transparent (i.e., it maintains the Host: header and does not add any X-Forwarded-* headers), the software product should function without any additional configuration. The product will continue to generate fully qualified URLs that point back to itself and operate as expected.

Proxies Adding Headers

For proxies that add X-Forwarded-For headers, the following headers should be configured appropriately to ensure the product generates correct URLs and handles requests properly:

Common Header

X-Forwarded-For

Purpose: Tracks the originating IP address of the client connecting through the proxy. It is used for logging and implementing IP-based access restrictions, as well as detecting that the software is running behind a proxy.

Configuration: The proxy should append the client’s IP address to the existing list of addresses in this header. This ensures a complete trace of forwarded clients.

Required Headers

X-Forwarded-Host

Purpose: Indicates the host name that the user sees in their browser.

Example Value: search.example.com

Configuration: The proxy should set this header to the public-facing hostname of the site. This should be set even if the proxy maintains the Host: header.

X-Forwarded-Proto

Purpose: Indicates the protocol (HTTP or HTTPS) that the user sees.

Example Values: http or https

Configuration: This header is especially important if the proxy performs SSL termination and forwards the request to the software product over HTTP. Set this header to reflect the protocol the user perceives.

Considerations for Header Handling

The X-Forwarded-For header should append client IP addresses rather than overwriting them, ensuring the entire chain of forwarding is maintained.

For other X-Forwarded-* headers, ensure that they are either passed through or explicitly set as required so that they reflect the URL the user sees. Verify how your proxy handles header inheritance (e.g., whether existing headers are preserved).

Troubleshooting

If the software product is not generating correct URLs or behavior is inconsistent, verify the following:

The proxy is properly configured to include X-Forwarded-Host, X-Forwarded-Proto, and X-Forwarded-For headers.

The values in these headers match the hostname, protocol, and client IP address visible to the user.

The software product is configured to trust the proxy and use the forwarded headers (if applicable).