We will take a look at the X-Forwarded-Proto header and how it is used to insert the originating protocol for web services. One big problem with multi-service web hosts is that we have no means to quickly identify the connection's originating protocol (http | https).
A web log typically shows us the client address, user-agent, HTTP request method and the URL. But did the client arrive over http, or over secured https?
A custom X header can be inserted by the reverse proxy to flag the connection type as http (non-secured) or https (secured):
"X-Forwarded-Proto:"
This header field is being used more and more, by thousands of web servers on planet Earth, to help identify the originating protocol. You can use any modern SLB (server load balancer) to insert this field (e.g. from vendors F5, A10, Radware, LVS, ServerIron).
For example:
request-header-insert X-forwarded-Proto:http
request-header-insert X-forwarded-Proto:https
This additional header value is small, but beneficial for web site analysis and for providing details on the client's connection type.
Here's a dump of typical X-Forwarded HTTP headers:
X-Forwarded-For: 10.10.19.11\r\n
X-Forwarded-Proto: http\r\n
The latter is for identifying the connection type.
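An added example, not from the original post: Python that classifies requests by originating protocol for web-log analysis, honouring X-Forwarded-Proto only when the TCP peer is the reverse proxy and exactly one copy of the header is present, since any client can send its own. The proxy range 192.0.2.0/28, the function names and the sample requests are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the only hosts allowed to set the header are the SLBs in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]

def header_values(raw: bytes, name: str) -> list:
    """Return every value of header `name` in a raw CRLF-separated block."""
    values = []
    for line in raw.decode("latin-1").split("\r\n"):
        key, sep, value = line.partition(":")
        # Header names are case-insensitive, so compare lower-cased.
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip().lower())
    return values

def originating_proto(peer_ip: str, raw_headers: bytes) -> str:
    """Classify one request as 'http', 'https' or 'unknown'."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return "unknown"  # header did not come from the proxy: not trustworthy
    values = header_values(raw_headers, "X-Forwarded-Proto")
    if len(values) != 1:
        return "unknown"  # missing, or a client-sent copy was not stripped
    return values[0] if values[0] in ("http", "https") else "unknown"

# Constructed sample requests: (TCP peer address, raw request headers).
SAMPLES = [
    ("192.0.2.5", b"X-Forwarded-For: 10.10.19.11\r\nX-Forwarded-Proto: http\r\n"),
    ("192.0.2.5", b"X-Forwarded-For: 10.10.19.12\r\nX-forwarded-Proto:https\r\n"),
    ("192.0.2.5", b"X-Forwarded-Proto: https\r\nX-Forwarded-Proto: http\r\n"),
    ("203.0.113.9", b"X-Forwarded-Proto: https\r\n"),
]

def tally(samples) -> Counter:
    """Count requests per originating protocol."""
    return Counter(originating_proto(ip, raw) for ip, raw in samples)

if __name__ == "__main__":
    for proto, count in sorted(tally(SAMPLES).items()):
        print(f"{proto}: {count}")
```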
Ken Felix
Freelance Network/Security Engineer
kfelix a-t hyperfeed d-o-t com