I'm running a service behind IIS using ARR as a reverse proxy. I know there are x-forwarded-for
and x-arr-log-id
headers that are passed along. However, what I would like is a private key passed in so that the backing application explicitly knows that the request is not local (even though the ARR server is). I've seen some posts on adding/replacing server variables, but this doesn't seem to come through via the request headers on the backing application.
I'm guessing that there must be some web.config setting that will do this, but have had no luck finding it thus far.
Example: X-PRIVATE-TOKEN: We are the children of Korn!
So that I can trust the x-forwarded-for
address is the actual address, as opposed to simply distrusting all proxy request's ip address references.
Custom HTTP headers can be used to filter requests or specify a value for the Accept header. Some endpoints employ custom HTTP headers to filter data returned by a GET or POST request.
Select the web site where you want to add the custom HTTP response header. In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name.
Custom Headers allow us to add extra content to our HTTP requests and responses, which we can pass between the client and server. We can use custom headers for metadata, such as defining the current version of the API that is being used.
The answer, courtesy of IIS.net , would appear to be that this is part of the related URL Rewrite Module:
The request headers are set by using the same mechanism as for server variables, but with a special naming convention. If a server variable name in the collection starts with "HTTP_" then this results in an HTTP request header being set in accordance to the following naming convention:
All underscore ("_") symbols in the name are converted to dash symbols ("-"). All letters are converted to lower case. "HTTP_" prefix is removed For example the following configuration is used to sets the custom x-original-host header on the request:
<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />
try:
<rule name="myRule_01">
...
<serverVariables>
<set name="HTTP_X_PRIVATE_TOKEN" value="We are the children of Korn!" />
</serverVariables>
...
</rule>
The header field of the http request will be: x-private-token
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With