X-Forwarded-Hostãƒ˜ãƒƒãƒ€ã®æ‰±ã„

Railsã§è‡ªåˆ†ã®ã‚µãƒ¼ãƒåã‚’çŸ¥ã‚ã†ã¨ã—ã¦request.host_with_portã‚’ä½¿ãŠã†ã¨ã—ã¦ã€å¤šæ®µreverse proxyä¸‹ã ã£ãŸã®ã§ã‚ã‚“ã©ã†ãªã“ã¨ã«ãªã£ãŸã€‚

Rails(Rack)ã ã¨

    def host_with_port
      if forwarded = @env["HTTP_X_FORWARDED_HOST"]
        forwarded.split(/,\s?/).last
      else
        @env['HTTP_HOST'] || "#{@env['SERVER_NAME'] || @env['SERVER_ADDR']}:#{@env['SERVER_PORT']}"
      end 
    end

ã¨ãªã£ã¦ã„ã¦X-Forwarded-Hostãƒ˜ãƒƒãƒ€ãŒã‚ã‚Œã°ã“ã‚Œã®æœ€å¾Œã®å€¤ã‚’åˆ©ç”¨ã—ã‚ˆã†ã¨ã—ã¦ã„ã‚‹ã€‚X-Forwarded-Hostã¯proxyãŒå—ã‘å–ã£ãŸHostãƒ˜ãƒƒãƒ€ã‚’æœ¬å½“ã®å®›å…ˆã«é€ã‚‹ãƒ˜ãƒƒãƒ€(éžæ¨™æº–)ã€‚ä»¥ä¸‹ã®ã‚ˆã†ãªå¤šæ®µproxyã®å ´åˆ

client -> proxy1 -> proxy2 -> ... -> proxyN -> server

serverãŒå—ã‘å–ã‚‹X-Forwarded-Hostã¯

proxy1, proxy2, ..., proxyN

ã¨ã„ã†å½¢å¼ã«ãªã‚‹ã€‚

ãã®ãŸã‚ã€host_with_portã¯proxyNã‚’è¿”ã™ã®ã ãŒã“ã¡ã‚‰ã¨ã—ã¦ã¯proxy1ãŒå¤–ã‹ã‚‰è¦‹ãˆã‚‹ãƒ›ã‚¹ãƒˆåãªã®ã§proxy1ã‚’è¿”ã—ã¦ã»ã—ã„ã€‚

ã‚¢ãƒ—ãƒªå´ã¯ã„ã˜ã‚Œãªã‹ã£ãŸã®ã§Apacheã®è¨å®šã§ç„¡ç†çŸ¢ç†proxyNãŒã‚µãƒ¼ãƒã«

Host: proxy1

ã¨é€ã‚‹ã‚ˆã†ã«ã—ãŸã‘ã©ã€‚

ãªã‚“ã§æœ€å¾Œã‚’è¿”ã™ã®ã‹ãŒã‚ã‹ã‚‰ãšããã£ã¦ã¿ãŸãŒã‚„ã£ã±ã‚Šã‚ã‹ã‚‰ãªã„

Ruby - Rack::Request#hostがX-Forwarded-Hostの最後のプロキシホストを返す理由 - Qiita

ã‚’è¦‹ã¦redirectãŒã†ã¾ãã„ãã‚ˆã†ã«ã¨ã„ã†ã“ã¨ã¿ãŸã„ã ã‘ã©ã‚‚ã€redirectã®å ´åˆã‚‚proxy1ã‚’è¿”ã—ã¦ã»ã—ã„æ°—ãŒã™ã‚‹ã€‚

ã§ä»–ã®ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã¯ã©ã†ã ã‚ã†ã¨æ€ã£ã¦ã¡ã‚‡ã£ã¨ã—ã‚‰ã¹ã¦ã¿ã‚‹

Django

    def get_host(self):
        """Returns the HTTP host using the environment or request headers."""
        # We try three options, in order of decreasing preference.
        if settings.USE_X_FORWARDED_HOST and (
                'HTTP_X_FORWARDED_HOST' in self.META):
            host = self.META['HTTP_X_FORWARDED_HOST']
        elif 'HTTP_HOST' in self.META:
            host = self.META['HTTP_HOST']
        else:
            # Reconstruct the host using the algorithm from PEP 333.
            host = self.META['SERVER_NAME']
            server_port = str(self.META['SERVER_PORT'])
            if server_port != ('443' if self.is_secure() else '80'):
                host = '%s:%s' % (host, server_port)

è¨å®šã§USE_X_FORWARDED_HOSTã‚’æœ‰åŠ¹ã«ã—ã¦ã„ã‚‹å ´åˆã®ã¿X-Forwarded-Hostã‚’åˆ©ç”¨ã—ã¦ã„ã‚‹ã€‚ã“ã‚Œã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã§è°è«–ã•ã‚Œã¦ã„ã‚‹

#9064 (Redirect is broken when HTTP_X_FORWARDED_HOST contains multiple hosts) – Django

ç¢ºã‹ã«X-Forwarded-Hostã‚’ã©ã“ã¾ã§ä¿¡ç”¨ã™ã¹ããªã®ã‹ã¨ã„ã†è©±ã‚‚ã‚ã‚‹ã—ã€forward proxyã®æƒ…å ±ãŒå‰Šé™¤ã•ã‚Œã¦ã„ãªã„å ´åˆã¯ã©ã†ã™ã‚‹ã®ã¨ã‹ã‚‚ã‚ã‚‹ã—ã€ã‚ã‚“ã¾ã‚Šãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ãŒãŒã‚“ã°ã£ã¦ã‚‚ã—ã‚‡ã†ãŒãªã„æ°—ãŒã™ã‚‹ã€‚

ã‚ã¨ã€è¤‡æ•°å€¤ã‚ã‚‹å ´åˆã«ã¯å¯¾å¿œã—ã¦ã„ãªã„ã£ã½ã„

Plack

sub _uri_base {
    my $self = shift;

    my $env = $self->env;

    my $uri = ($env->{'psgi.url_scheme'} || "http") .
        "://" .
        ($env->{HTTP_HOST} || (($env->{SERVER_NAME} || "") . ":" . ($env->{SERVER_PORT} || 80))) .
        ($env->{SCRIPT_NAME} || '/');

    return $uri;
}

ã¾ã¨ã‚

ã¾ã‚ã€X-Forwarded-Hostã¯ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã«ã‚ˆã£ã¦ã¯å¯¾å¿œã—ã¦ã„ãªã„ã—ã€ã‚ã‚“ã¾ã‚Šä¿¡ç”¨ã™ã¹ãã§ã‚‚ãªã„ã€‚

ã¦ãã¨ã†ãªãƒ¡ãƒ¢

æœ¬ã®æ„Ÿæƒ³ã¨ã‹æŠ€è¡“ãƒ¡ãƒ¢ã¨ã‹

X-Forwarded-Hostãƒ˜ãƒƒãƒ€ã®æ‰±ã„

Django

Plack

ã¾ã¨ã‚

Django

Plack

ã¾ã¨ã‚

ã¾ã¨ã‚