Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Adding a custom header to ARR requests

Tags:

reverse-proxy

iis

iis-arr

I'm running a service behind IIS using ARR as a reverse proxy. I know there are x-forwarded-for and x-arr-log-id headers that are passed along. However, what I would like is a private key passed in so that the backing application explicitly knows that the request is not local (even though the ARR server is). I've seen some posts on adding/replacing server variables, but this doesn't seem to come through via the request headers on the backing application.

I'm guessing that there must be some web.config setting that will do this, but have had no luck finding it thus far.

Example: X-PRIVATE-TOKEN: We are the children of Korn!

So that I can trust the x-forwarded-for address is the actual address, as opposed to simply distrusting all proxy request's ip address references.

like image 970
Tracker1 Avatar asked Nov 27 '12 17:11

Tracker1

People also ask

Are custom HTTP headers allowed?

Custom HTTP headers can be used to filter requests or specify a value for the Accept header. Some endpoints employ custom HTTP headers to filter data returned by a GET or POST request.

How do I add HTTP response header?

Select the web site where you want to add the custom HTTP response header. In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name.

What is custom header in API?

Custom Headers allow us to add extra content to our HTTP requests and responses, which we can pass between the client and server. We can use custom headers for metadata, such as defining the current version of the API that is being used.

2 Answers

The answer, courtesy of IIS.net , would appear to be that this is part of the related URL Rewrite Module:

The request headers are set by using the same mechanism as for server variables, but with a special naming convention. If a server variable name in the collection starts with "HTTP_" then this results in an HTTP request header being set in accordance to the following naming convention:

All underscore ("_") symbols in the name are converted to dash symbols ("-"). All letters are converted to lower case. "HTTP_" prefix is removed For example the following configuration is used to sets the custom x-original-host header on the request:

<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />

like image 118
mwardm Avatar answered Sep 25 '22 13:09

mwardm

try:

<rule name="myRule_01">
  ...
  <serverVariables>
    <set name="HTTP_X_PRIVATE_TOKEN" value="We are the children of Korn!" />
  </serverVariables>
  ...
</rule>

The header field of the http request will be: x-private-token

like image 22
SzB Avatar answered Sep 23 '22 13:09

SzB
Sign in to Comment

Related questions

IIS TLS Certificate - Chrome says we are using "obsolete cryptography"
Why ServicePointManager.SecurityProtocol default value is different on different machines?
IIS equivalent of VirtualHost in Apache
How to tell TFS to deploy multiple webapps containing in one solution?
Is there any performance hit involved in choosing gzip over deflate for http compression?
Does IIS do the SSL certificate check or do I have to verify it?
Performance of ASP.NET in Mono(Linux) vs IIS(Window)
Best practice for http redirection for Windows Azure
ASP.NET aspxerrorpath in URL
What is the right application pool for Net 4.5 for web app on IIS?
Static images and CSS not showing (401) but bundled css and js do
IIS Deployed ASP.NET 5 BETA 8 site to IIS gives HTTP Error 500.19 - Internal Server Error
Pros and Cons of running Quartz.NET embedded or as a windows service
How do I force compilation of ASP.NET MVC views?
Debugging an ASP.NET MVC application on an Android phone
unable to launch iis express web server port 80 is in use
How to respect "Serve static content from a cookieless domain" page speed rule in IIS6?
Powershell list of websites using get-website?
How to rename application pool that already has application assigned to it?
IIS Serves Custom Error page as plain text, no content-type header

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!