Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Adding a custom header to ARR requests

I'm running a service behind IIS using ARR as a reverse proxy. I know there are x-forwarded-for and x-arr-log-id headers that are passed along. However, what I would like is a private key passed in so that the backing application explicitly knows that the request is not local (even though the ARR server is). I've seen some posts on adding/replacing server variables, but this doesn't seem to come through via the request headers on the backing application.

I'm guessing that there must be some web.config setting that will do this, but have had no luck finding it thus far.

Example: X-PRIVATE-TOKEN: We are the children of Korn!

So that I can trust the x-forwarded-for address is the actual address, as opposed to simply distrusting all proxy request's ip address references.

like image 970
Tracker1 Avatar asked Nov 27 '12 17:11

Tracker1


People also ask

Are custom HTTP headers allowed?

Custom HTTP headers can be used to filter requests or specify a value for the Accept header. Some endpoints employ custom HTTP headers to filter data returned by a GET or POST request.

How do I add HTTP response header?

Select the web site where you want to add the custom HTTP response header. In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name.

What is custom header in API?

Custom Headers allow us to add extra content to our HTTP requests and responses, which we can pass between the client and server. We can use custom headers for metadata, such as defining the current version of the API that is being used.


2 Answers

The answer, courtesy of IIS.net , would appear to be that this is part of the related URL Rewrite Module:

The request headers are set by using the same mechanism as for server variables, but with a special naming convention. If a server variable name in the collection starts with "HTTP_" then this results in an HTTP request header being set in accordance to the following naming convention:

All underscore ("_") symbols in the name are converted to dash symbols ("-"). All letters are converted to lower case. "HTTP_" prefix is removed For example the following configuration is used to sets the custom x-original-host header on the request:

<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />

like image 118
mwardm Avatar answered Sep 25 '22 13:09

mwardm


try:

<rule name="myRule_01">
  ...
  <serverVariables>
    <set name="HTTP_X_PRIVATE_TOKEN" value="We are the children of Korn!" />
  </serverVariables>
  ...
</rule>

The header field of the http request will be: x-private-token

like image 22
SzB Avatar answered Sep 23 '22 13:09

SzB