HTTP Headers to Use Behind our Router

Last Updated October 2014

Every app on Pagoda Box lives behind a load-balancing routing mesh. Because of this, the HTTP headers you would typically use to collect information about incoming requests will collect information about the router instead. You must use different HTTP headers to collect the proper information. This doc will walk through the headers you should use. After reading it, you should be familiar with:

  • Identifying a user's IP from behind the routing mesh
  • Identifying originating protocols of a requests from behind the routing mesh

Identifying a User's IP

X-Forwarded-For

The X-Forwarded-For header will identify the originating IP address of your user.

X-Forwarded-For Usage Example PHP

  $headers = apache_request_headers();
  $real_client_ip = $headers["X-Forwarded-For"];

Identifying the Originating Protocol (HTTP or HTTPS)

X-Forwarded-Proto

The X-Forwarded-Proto header will identify the originating protocol (HTTP or HTTPS) of a request. The example below shows how X-Forwarded-Proto can be used in the .htaccess to detect if a request is using HTTP and rewrite it to HTTPS:

X-Forwarded-Proto Usage Example Apache

  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} =http
  RewriteRule (.*) https://%{HTTP_HOST}/$1 [R]
.htaccess

If you have any questions, suggestions, or corrections, let us know.