HTTP Headers to Use Behind our Router
Every app on Pagoda Box lives behind a load-balancing routing mesh. Because of this, the HTTP headers you would typically use to collect information about incoming requests will collect information about the router instead. You must use different HTTP headers to collect the proper information. This doc will walk through the headers you should use. After reading it, you should be familiar with:
- Identifying a user's IP from behind the routing mesh
- Identifying originating protocols of a requests from behind the routing mesh
Identifying a User's IP
X-Forwarded-For
The X-Forwarded-For header will identify the originating IP address of your user.
X-Forwarded-For Usage Example PHP
$headers = apache_request_headers(); $real_client_ip = $headers["X-Forwarded-For"];
Identifying the Originating Protocol (HTTP or HTTPS)
X-Forwarded-Proto
The X-Forwarded-Proto header will identify the originating protocol (HTTP or HTTPS) of a request. The example below shows how X-Forwarded-Proto can be used in the .htaccess to detect if a request is using HTTP and rewrite it to HTTPS:
X-Forwarded-Proto Usage Example Apache
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteRule (.*) https://%{HTTP_HOST}/$1 [R]
If you have any questions, suggestions, or corrections, let us know.