14

I have Apache set up as a load balancer. I wanted to make apache set the X-Forwarded-Proto header, but this doesn't work:

RequestHeader set X-Forwarded-Proto "%{SERVER_PROTOCOL}e"

The header gets set to null. Any idea why?

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
John Crenshaw
  • 161
  • 1
  • 1
  • 5

4 Answers4

16

Late but still, I've just dealt with the same issue, and this worked for me:

RequestHeader set X_FORWARDED_PROTO 'https' env=HTTPS

The documentation says:

When the RequestHeader directive is used with the add, append, or set argument, a fourth argument may be used to specify conditions under which the action will be taken. If the environment variable specified in the env=... argument exists (or if the environment variable does not exist and env=!... is specified) then the action specified by the RequestHeader directive will take effect. Otherwise, the directive will have no effect on the request.

While the HTTPS environment variable is only set when the request is made through SSL.

iNecas
  • 261
  • 2
  • 2
  • 4
    According to http://en.wikipedia.org/wiki/List_of_HTTP_header_fields the header should have hyphens rather than underscores: RequestHeader set X-Forwarded-Proto 'https' env=HTTPS This is also the header that Amazon's ELB sends. – loevborg Sep 01 '14 at 13:00
12

You don't want that; it'd set your header to "HTTP/1.1" (even on an https request) - probably not terribly useful to whatever you're passing to.

You have different VirtualHost blocks for http and https; just hardcode the RequestHeader setting in each.

<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    ...
</VirtualHost>

<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https"
    ...
</VirtualHost>
Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • 2
    This still doesn't answer the question of why the environment variables aren't working. I also wanted to preserve the port and some other values, some of which can't be hard coded like this. – John Crenshaw Apr 09 '11 at 10:25
4

You can fix this by using the early keyword:

RequestHeader set X-Forwarded-Proto "https" early

Otherwise, you can do what John Crenshaw suggested, which is use RewriteRule instead of ProxyPass directives.

docwhat
  • 202
  • 1
  • 3
  • 7
2

Found the cause. Turns out it is an order of operations issue. mod_rewrite is responsible for supplying these environment variables, but Apache doesn't process it until AFTER it handles any ProxyPass requests. Until then, it will just set null. The only workaround appears to be to do the proxying via mod_rewrite.

See http://www.gossamer-threads.com/lists/apache/users/267160?do=post_view_threaded#267160

John Crenshaw
  • 161
  • 1
  • 1
  • 5