Friday, May 17, 2013

X-Forwarded-Proto

We will take a look at this X header and how a reverse proxy inserts the originating protocol for web services. One big problem with multi-service web hosts is that we have no quick way to identify how the client's connection originated ( http | https ).

A weblog typically shows us the client address, user-agent, HTTP method and the URL. But did the client come in over plain http, or over secured https?

A custom X header can be inserted by the reverse proxy to flag the connection type as non-secured http or secured https.

"X-Forwarded-Proto:"

This header field is being used more and more, by thousands of webservers, to help identify the originating protocol. You can use any modern SLB to insert this field ( e.g. F5, A10, Radware, LVS, ServerIron )

e.g

request-header-insert X-Forwarded-Proto:http
request-header-insert X-Forwarded-Proto:https

This additional header value is small, but beneficial for web site analysis and for providing details on the client's connection type.

Here's a dump of the typical X-Forwarded-* headers from an http request;

X-Forwarded-For: 10.10.19.11\r\n
X-Forwarded-Proto: http\r\n


The latter identifies the connection type.
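On the web server side the header is only meaningful when it really came from your SLB; any client can send its own X-Forwarded-Proto, so the server should believe it only from a known proxy address. The following is an added example, not part of this post or of any vendor's product: a small Python helper that applies that check and writes the originating protocol into an access-log line. The proxy range 192.0.2.0/24 and the sample headers are constructed for the example.

```python
import ipaddress

# Constructed for this example: the address range our reverse proxy / SLB
# connects from. Requests from any other peer are treated as direct clients.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]


def is_trusted_proxy(peer_ip):
    """True if the TCP peer is one of our own load balancers."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def header(headers, name):
    """Case-insensitive header lookup; None if the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def effective_scheme(peer_ip, headers, socket_scheme="http"):
    """Decide whether the client originally came in over http or https.

    X-Forwarded-Proto is honoured only when the request arrived from a
    trusted proxy. From any other peer the header is ignored and the
    scheme of our own listening socket is used instead.
    """
    if not is_trusted_proxy(peer_ip):
        return socket_scheme
    value = header(headers, "X-Forwarded-Proto")
    if value is None:
        return socket_scheme
    # Chained proxies may append values; the first is the client-facing hop.
    first = value.split(",")[0].strip().lower()
    return first if first in ("http", "https") else socket_scheme


def access_log_line(peer_ip, headers, method, path, socket_scheme="http"):
    """Access-log entry carrying the client address and originating protocol."""
    client = peer_ip
    if is_trusted_proxy(peer_ip):
        client = header(headers, "X-Forwarded-For") or peer_ip
    scheme = effective_scheme(peer_ip, headers, socket_scheme)
    return f"{client} {scheme} {method} {path}"
```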

Ken Felix
Freelance Network/Security Engineer
kfelix   a-t hyperfeed d-o-t com
