In a Rack middleware filter, I know the call method takes an env hash variable. I'm looking through someone's Rack middleware code and I see
env['HTTP_X_FORWARDED_HOST']
Can someone explain what HTTP_X_FORWARDED_HOST means? Is it the host where the request originated from?
I know this is a super-old question, but HTTP_X_FORWARDED_HOST is used when there is a proxy (or multiple proxies) between the browser and your server. If you have this setup:
End User -> Proxy A -> Proxy B -> Server
Then, when End User makes a request (with a Host header), Proxy A will receive it. It will set its own Host, then put the End User Host into X-Forwarded-Host before making the request to Proxy B. Proxy B will do the same, appending Proxy A's Host onto X-Forwarded-Host (so the header will look like EndUserHost,ProxyAHost) and setting its own Host. Your server will then receive a request with Proxy B's Host header, and an X-Forwarded-Host header that has a value that looks like "EndUserHost,ProxyAHost".
Some info: http://hustoknow.blogspot.com/2011/02/x-forwarded-for-vs-httpxforwardedhost.html
One thing to note: An end-user can spoof X-Forwarded-Host, so you have to be careful about the assumptions to make with it.
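One way to act on the spoofing caveat in the answer above, as an added example that is not part of the original answer or of any Rack release: a Rack-style middleware that honours X-Forwarded-Host only when the direct peer is a known proxy and the forwarded host is on an allowlist. The class name, the `app.effective_host` env key, the proxy range and the host names are all assumptions made for illustration.

```ruby
require 'ipaddr'

# Rack-style middleware (plain Ruby, no gems). All names here are hypothetical.
class TrustedForwardedHost
  def initialize(app, trusted_proxies:, allowed_hosts:)
    @app = app
    @trusted = trusted_proxies.map { |cidr| IPAddr.new(cidr) }
    @allowed = allowed_hosts.map(&:downcase)
  end

  def call(env)
    env['app.effective_host'] = effective_host(env)
    # Drop the raw header so downstream code cannot use the unvalidated value.
    env.delete('HTTP_X_FORWARDED_HOST')
    @app.call(env)
  end

  private

  def effective_host(env)
    fallback = env['HTTP_HOST'].to_s.downcase
    # A header sent by anything other than our own proxies is client input.
    return fallback unless from_trusted_proxy?(env['REMOTE_ADDR'])

    # The chain looks like "EndUserHost,ProxyAHost"; the first entry is the
    # host the end user asked for. It is still checked against the allowlist.
    candidate = env['HTTP_X_FORWARDED_HOST'].to_s.split(',').first.to_s.strip.downcase
    @allowed.include?(candidate) ? candidate : fallback
  end

  def from_trusted_proxy?(addr)
    ip = IPAddr.new(addr.to_s)
    @trusted.any? { |net| net.include?(ip) }
  rescue IPAddr::Error
    false
  end
end

# Constructed sample setup: proxies live in 10.0.0.0/8, one public host name.
APP = ->(env) { [200, { 'content-type' => 'text/plain' }, [env['app.effective_host']]] }
STACK = TrustedForwardedHost.new(APP, trusted_proxies: ['10.0.0.0/8'],
                                      allowed_hosts: ['shop.example.com'])

# Helper that builds a constructed request env and returns the host the app sees.
def host_for(remote_addr, forwarded, host = 'proxy-b.internal')
  env = { 'REMOTE_ADDR' => remote_addr, 'HTTP_HOST' => host }
  env['HTTP_X_FORWARDED_HOST'] = forwarded if forwarded
  STACK.call(env)[2].first
end
```

Downstream code then reads `env['app.effective_host']` when building absolute URLs or redirects, never the raw header.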