Handling X-FORWARDED-PROTO header in Java web application

Question

Can any one guide me in working with X-FORWARDED-PROTO header in Java web application deployed to Apache Tomcat.

The application setup is in such a way that tomcat talks

Answer 1

I am pretty sure you have it all figured out by now but I will add the answer nonetheless.

You can use the class org.apache.catalina.valves.RemoteIpValve in the engine tag in conf/server.xml of tomcat.

    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="192.168.1.XXX"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto"
    />

Something to note that is very important is to set the internalProxies value. If this is not set and you are you using a non-standard network setup it could cause some issues where tomcat will not check for x-forwarded headers and it will default to "http". For security reasons I'd recommend to set it even if it works with the defaults.

Look here for more information.

Answer 2

Add this to your apache vhost managing connections

<VirtualHost *:80>
  ...
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</VirtualHost>

this assumes your health check is /status, which doesn’t require https