11

While logging the HTTP headers that are received by my web app (which is behind a load balancer + firewall), I've noticed that I'm receiving the X-Original-For and X-Original-Proto headers (besides the traditional X-Forwarded-XXX headers).

What's their purpose?

Palec
Luis Abreu

1 Answer

14

Short Answer: The X-Original-* represents the original header value received in HttpContext.Connection and HttpContext.Request.

Long Version: When using Nginx/IIS/Apache to set up a reverse proxy, the HttpContext.Connection and HttpContext.Request will be changed to the left-most value in X-Forwarded-* header; X-Original-* headers are used to save the original HttpContext.Connection and HttpContext.Request values:

  1. the original HttpContext.Request.Scheme will be saved as header X-Original-Proto: ..., and then the HttpContext.Request.Scheme will be changed to the left-most scheme in the header of X-Forwarded-Proto: o1, o2, ...
  2. the original HttpContext.Request.Host will be saved as header X-Original-Host: <original-host>, and then the HttpContext.Request.Host will be changed to the left-most host in the header of X-Forwarded-Host: o1, o2, ...
  3. the original HttpContext.Connection.RemoteIpAddress and HttpContext.Connection.RemotePort will be saved as header OriginalForHeaderName: <original-endpoint>, and then this value will be changed to left-most IP and port in header of X-Forwarded-For: o1, o2, ...

See source code of saving X-Original-For:

requestHeaders[_options.OriginalForHeaderName] = new IPEndPoint(connection.RemoteIpAddress, connection.RemotePort).ToString();

See source code of saving X-Original-Proto:

requestHeaders[_options.OriginalProtoHeaderName] = request.Scheme;

See source code of saving X-Original-Host:

requestHeaders[_options.OriginalHostHeaderName] = request.Host.ToString();
itminus
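An added example, not part of the answer above and not the project's own code: a minimal ASP.NET Core `Program.cs` that enables the forwarded-headers middleware only for a known proxy and returns the rewritten values next to the saved X-Original-* headers. The proxy address `10.0.0.10`, the host name `app.example.test` and the `/whoami` route are constructed for illustration.

```csharp
// Added example: Program.cs for a minimal ASP.NET Core app (.NET 6 or later).
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Process all three X-Forwarded-* headers discussed in the answer.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // Accept X-Forwarded-* only when the TCP peer is our own proxy.
    // By default only loopback proxies are trusted, so a load balancer on
    // another machine has to be listed here (address is a constructed sample).
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));

    // One proxy hop in front of the app: consume a single entry per header.
    options.ForwardLimit = 1;

    // Restrict which X-Forwarded-Host values may replace Request.Host
    // (host name is a constructed sample).
    options.AllowedHosts.Add("app.example.test");
});

var app = builder.Build();

// Must run before anything that reads the scheme, host or client address.
app.UseForwardedHeaders();

// Shows the values after the middleware ran, next to what it saved.
app.MapGet("/whoami", (HttpContext ctx) => new
{
    // Rewritten from X-Forwarded-* when the request came from a known proxy.
    RemoteIp = ctx.Connection.RemoteIpAddress?.ToString(),
    Scheme = ctx.Request.Scheme,
    Host = ctx.Request.Host.ToString(),

    // Pre-rewrite values saved by the middleware: the proxy's own endpoint,
    // and the scheme and host of the proxy-to-app request.
    OriginalFor = ctx.Request.Headers["X-Original-For"].ToString(),
    OriginalProto = ctx.Request.Headers["X-Original-Proto"].ToString(),
    OriginalHost = ctx.Request.Headers["X-Original-Host"].ToString()
});

app.Run();
```

For logging and access decisions, read `HttpContext.Connection.RemoteIpAddress` after the middleware has run; X-Original-For holds the address of the proxy connection that was replaced.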