Forum: Ruby on Rails rails behind multiple proxies

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Guy Tinat (Guest)
on 2006-01-07 22:55
(Received via mailing list)
I submitted a patch to fix a problem I have experienced when multiple
proxies are in between the rails process and the browser.

This problem has come up because I have a few rails application on an
intranet where I have to use proxies to provide access to some
clients. I have done little work with this sort of thing before so I
was hoping to get more input from someone on this list.

When multiple proxies have serviced a request the
HTTP_X_FORWARDED_HOST environment variable is created and looks like


In this case the browser requested a url from, which
then forwarded this request to which then forwarded
this to the rails application (perhaps hosted via webrick or

When ActionController::redirect_to is called in this scenario an error
occurs because it attempts to redirect to "," which is invalid. This happens
because when the hostname is requested by redirect_to it receives back
the whole HTTP_X_FORWARDED_HOST balue. If the browser had requested
the url directly from HTTP_X_FORWARDED_HOST would
equal ""  and this error does not occur.

The patch returns only the first host name if there is a comma
delimited chain.  In the example above this results redirects now go
to "", and this works in my
setup. Now I am now wondering if I should have made it redirect to the
last hostname in the HTTP_X_FORWARDED_HOST instead. In some setups url
rewriting may be done on and it may not be expecting
urls to be redirected with its own host name.

In my environment I am using Apache's "ProxyPass" and

I am pretty sure now that I should return the last host in the chain,
but I would appreciate some feed back from anyone who may have
experience with this.

Thank you - Gaetano
This topic is locked and can not be replied to.