
Is Setting X-Forwarded-Host Header (fetch API) A Good Way To Let My Reverse Proxy Forward Requests To Corresponding Services?

- 1 answer

My question is basically an extended question to "Can you set the Host header using fetch API".

I have the same problem that my reverse proxy server (nginx) needs to redirect the requests to the corresponding services. Initially I didn't know Host is a forbidden header name, so after reading its explanation https://www.rfc-editor.org/rfc/rfc7230#page-44 I had thought I could just set it to different values in my fetch request to let my reverse proxy server differentiate the requests and forward them to the corresponding service.

Now after googling it I think maybe X-Forwarded-Host can do the job, but I can't find enough material for that.

My second question is if Host can't be modified programmatically, who modifies/sets its value to make it useful?

BTW, my fetch request is simple,

let response = await fetch(url, // The reverse proxy server address
{
  headers: {
    'X-Forwarded-Host' : "..."
  }
});

Answer

> My second question is if Host can't be modified programmatically, who modifies/sets its value to make it useful?

I'm going to address this first because I think the background is important for answering the rest of the question.

The Host header is derived from the URL. Given:

fetch("http://www.example.com/foo/bar")

… the Host header will be www.example.com. This is the same as any other HTTP request. e.g. <img src="http://www.example.com/foo.png"> will trigger a request with Host: www.example.com.

Likewise, the path (GET /foo/bar HTTP/1.1) and scheme (how the client connects to the server in the first place) are also derived from the URL.


> I had thought I could just set it to different values in my fetch request to let my reverse proxy server differentiate the requests and forward to corresponding service.

You seem to misunderstand how a reverse proxy works.

The client does not make a request to the reverse proxy and ask it to give you an arbitrary URL (that's how a forward proxy works).

Instead, the person operating the website configures the desired URL to point to the reverse proxy, and then configures the reverse proxy to forward on the requests.

e.g. You might configure your public facing DNS to point www.example.com to the Internet-facing side of the reverse proxy, and then configure the reverse proxy to respond to requests for https://www.example.com/foo/bar by making a request to http://private.on.my.lan:8012/myservice/foo/bar.

Then fetch would just request https://www.example.com/foo/bar and everything else would be handled transparently by the reverse proxy.


Differentiating requests is simply done by having different URLs, and possibly different hostnames.

 https://www.example.com/foo/bar
 https://www.example.com/baz
 https://www.example.net/quack
 https://www.example.info/foo/bar

… can all point to the same reverse proxy which can have logic to handle them in different ways.
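
The routing described in this answer, sketched as an added example (not part of the original answer and not nginx's own logic): the proxy picks an upstream from the hostname and path in the URL alone. The `routeRequest` helper and the `127.0.0.1` upstreams are hypothetical, and the sketch assumes the proxy discards any `X-Forwarded-*` header a client sends and sets its own.

```javascript
// Routing table: hostname -> list of { path prefix, upstream base URL }.
// Constructed sample data; only the first upstream appears in the answer above.
const ROUTES = new Map([
  ['www.example.com', [
    { prefix: '/foo/', upstream: 'http://private.on.my.lan:8012/myservice' },
    { prefix: '/baz', upstream: 'http://127.0.0.1:8013' },
  ]],
  ['www.example.net', [{ prefix: '/', upstream: 'http://127.0.0.1:8014' }]],
]);

// Hypothetical helper: decide where a request goes, the way a reverse proxy
// would. `url` and `clientHeaders` mirror the two arguments given to fetch().
function routeRequest(url, clientHeaders = {}) {
  const u = new URL(url);
  // The browser derives Host from the URL; script cannot override it.
  const routes = ROUTES.get(u.hostname);
  if (!routes) return { ok: false, status: 421 }; // host not served here

  // Longest matching path prefix wins.
  const match = routes
    .filter((r) => u.pathname.startsWith(r.prefix))
    .sort((a, b) => b.prefix.length - a.prefix.length)[0];
  if (!match) return { ok: false, status: 404 };

  // Assumption: the proxy drops client-supplied Host / X-Forwarded-* values
  // and sets its own, so backends never see a client-chosen host name.
  const headers = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    const lower = name.toLowerCase();
    if (lower !== 'host' && !lower.startsWith('x-forwarded-')) headers[lower] = value;
  }
  headers['x-forwarded-host'] = u.host;
  headers['x-forwarded-proto'] = u.protocol.replace(':', '');

  return { ok: true, target: match.upstream + u.pathname + u.search, headers };
}

// The header from the question changes nothing about where the request lands.
const spoofed = routeRequest('https://www.example.com/foo/bar',
  { 'X-Forwarded-Host': 'www.example.net', Accept: 'application/json' });
console.log(spoofed.target, spoofed.headers);
```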

source: stackoverflow.com