I submitted a patch to fix a problem I have experienced when multiple
proxies are in between the rails process and the browser.
http://dev.rubyonrails.org/ticket/3397
This problem has come up because I have a few rails application on an
intranet where I have to use proxies to provide access to some
clients. I have done little work with this sort of thing before so I
was hoping to get more input from someone on this list.
When multiple proxies have serviced a request the
HTTP_X_FORWARDED_HOST environment variable is created and looks like
this:
HTTP_X_FORWARDED_HOST = “www.firsthost.org, www.secondhost.org”
In this case the browser requested a url from www.firsthost.org, which
then forwarded this request to www.secondhost.org which then forwarded
this to the rails application (perhaps hosted via webrick or
lighttpd).
When ActionController::redirect_to is called in this scenario an error
occurs because it attempts to redirect to “http://www.firsthost.org,
www.secondhost.org/whatever/url” which is invalid. This happens
because when the hostname is requested by redirect_to it receives back
the whole HTTP_X_FORWARDED_HOST balue. If the browser had requested
the url directly from www.secondhost.org HTTP_X_FORWARDED_HOST would
equal “www.secondhost.org” and this error does not occur.
The patch returns only the first host name if there is a comma
delimited chain. In the example above this results redirects now go
to “http://www.firsthost.org/whatever/url”, and this works in my
setup. Now I am now wondering if I should have made it redirect to the
last hostname in the HTTP_X_FORWARDED_HOST instead. In some setups url
rewriting may be done on www.firsthost.org and it may not be expecting
urls to be redirected with its own host name.
In my environment I am using Apache’s “ProxyPass” and
“ProxyPassReverse”.
I am pretty sure now that I should return the last host in the chain,
but I would appreciate some feed back from anyone who may have
experience with this.
Thank you - Gaetano