在Java Web应用程序中处理X-FORWARDED-PROTO标头 [英] Handling X-FORWARDED-PROTO header in Java web application

问题描述

任何人都可以指导我如何使用 X-FORWARDED-PROTO 标头.

Can any one guide me in working with X-FORWARDED-PROTO header in Java web application deployed to Apache Tomcat.

应用程序设置的方式是tomcat与Apache Web服务器对话，后者又与Cisco Load Balancer对话，最后该平衡器将页面发布到客户端(tomcat-> apache2-> Load Balancer->客户端).

The application setup is in such a way that tomcat talks with Apache webserver, which in turn talks with Cisco Load Balancer, finally the balancer publishes the pages to the client (tomcat -> apache2 -> load balancer -> client).

SSL证书已安装在负载均衡器中，并且正在处理HTTPS请求.我的要求是使应用程序的行为使其使用 X-FORWARDED-PROTO 并将页面更改为HTTP或HTTPS.

The SSL Certificate is installed in Load Balancer and it's handling HTTPS requests. My requirement is to make the application behave in such a way that it uses the X-FORWARDED-PROTO and change the pages as HTTP or HTTPS.

检查网页的头文件时，找不到 X-FORWARDED-PROTO 头.我也没有访问负载均衡器配置的权限，IT建议我们使用 X-FORWARDED-PROTO 区分HTTP和HTTPS请求.

Checking on the header files of my webpages I could not find the X-FORWARDED-PROTO header. I don't have access to the Load Balancer configuration either, and the IT has suggested us to use the X-FORWARDED-PROTO to differentiate between HTTP and HTTPS request.

是否需要在Tomcat或Apache级别进行任何配置，以使其返回 X-FORWARDED-PROTO 标头?还是应该在负载均衡器中处理配置?

Is there any configuration to be done in Tomcat or Apache level so that it will return the X-FORWARDED-PROTO header? Or is it that the configuration should be handled in Load Balancer?

推荐答案

我很确定您现在已经知道了所有内容，不过我还是会添加答案.

I am pretty sure you have it all figured out by now but I will add the answer nonetheless.

您可以在tomcat的 conf/server.xml 的引擎标签中使用类 org.apache.catalina.valves.RemoteIpValve .

You can use the class org.apache.catalina.valves.RemoteIpValve in the engine tag in conf/server.xml of tomcat.

    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="192.168.1.XXX"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto"
    />

需要注意的一件很重要的事情是设置内部代理值.如果未设置此选项，而您使用的是非标准网络设置，则可能会导致tomcat无法检查 x-forwarded 标头，并且默认为"http"的某些问题.出于安全原因，我建议即使将其与默认设置一起使用也应进行设置.

Something to note that is very important is to set the internalProxies value. If this is not set and you are you using a non-standard network setup it could cause some issues where tomcat will not check for x-forwarded headers and it will default to "http". For security reasons I'd recommend to set it even if it works with the defaults.

在此处中查找欲获得更多信息.

Look here for more information.

这篇关于在Java Web应用程序中处理X-FORWARDED-PROTO标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！