[Catalyst] RFC for handling reverse proxies not deployed to standard ports.

Marlon Bailey mbailey at vortexit.net
Fri Jun 15 18:55:52 GMT 2007

I looked into how mod_proxy is handling this.  They pass a
X-Forwarded-Port header value with the port of the client.  So you can
rebuild the client information with

and X-Forwarded-Port

to tell whether the request was standard(port 80) or ssl(port 443) i
believe this would be a more general approach and seems to be working
for mod_proxy.  But it's beyond the scope of my RFC.

On Fri, 2007-06-15 at 11:55 -0500, Dave Rolsky wrote:
> On Fri, 15 Jun 2007, Marlon Bailey wrote:
> > Suggestion:  I'd like to submit a solution that extends the current
> > proxy-backend practice of reading the proxy values out of the request
> > header.  Currently the client's IP is taken from a "X-Forwarded-For"
> > header value, and the host's(Reverse Proxy) hostname is taken from a
> > "X-Forwarded-Host" header value. I suggest adding the ability for
> > Catalyst to set the host's port from a "X-Forwarded-Host-Port" header
> > value.  This way a simple config option such as this
> This would be great. When I'm doing development I often run an Apache on a 
> non-standard (high) port, and have solved this problem in various apps.
> For Catalyst, so far I've mostly been using the standalone server, but 
> eventually I'll want to be able to test locally with a "real" server to 
> mimic the eventual production environment.
> > Extras considerations:  After speaking with Matt(mst) about this, he
> > also suggested allowing the "Path" value to be set from a header value
> > as well.
> And _another_ one to add ...
> Often the frontend of an app is listening on both http & https ports. When 
> I generate URIs in the backend, I often want to take this into account and 
> generate the scheme based on what the user requested.
> In previous mod_perl apps, what I've done is have the backend server 
> _also_ listen on two ports. Then I have the frontend forward to one or the 
> other. The code will usually look for some sort of hack like an env var 
> (which I only set in one vhost) that says "use https".
> Adding a header like X-Forwarded-Was-HTTPS would be a much better 
> solution. Basically, the more info about the original frontend request 
> that can be captured the better.
> -dave
> /*===================================================
> VegGuide.Org                        www.BookIRead.com
> Your guide to all that's veg.       My book blog
> ===================================================*/
> _______________________________________________
> List: Catalyst at lists.rawmode.org
> Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
> Dev site: http://dev.catalyst.perl.org/

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Catalyst mailing list