reverse proxy – What is the nginx Variable for a custom Header?

A client is sending a custom HTTP Header X-ABC-LOGIN-NAME to my Nginx reverse proxy. To be sure that it is actually arriving, a PHP server (fastcgi) was installed and this header is really showing up (with a value) in phpinfo(), section ‘PHP Variables’.

I operate a Django backend with a gunicorn server and in the Django code, I print all headers to the console. When I assign a static value to the X-ABC-LOGIN-NAME in /etc/nginx/sites-enabled/default, the value arrives at the backend. In the nginx default file this looks as:

location / {

    proxy_pass http://localhost:8000;
    proxy_pass_request_headers on;

    proxy_http_version 1.1;

    proxy_set_header Upgrade $http_upgrade;

    proxy_set_header X-ABC-LOGIN-NAME "static_name"; # <-- "static_name" arrives in the python print statement
    proxy_set_header X-ABC-LOGIN-NAME $http_x_abc_login_name;  # <-- This value is empty

    proxy_set_header   Connection keep-alive;
    proxy_set_header   Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;

}

I exhaustively searched the internet and cannot tell how to find the name of the variable that contains the value, or where it gets lost.
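Added example, not part of the original question: how a request header name maps to the nginx `$http_` variable and to the key Django exposes in `request.META`, together with nginx's default rule that ignores header names containing underscores. The function names and the sample request are constructed for illustration.

```python
import re

# nginx's default (ignore_invalid_headers on, underscores_in_headers off)
# accepts only letters, digits and hyphens in a request header name.
DEFAULT_NAME = re.compile(r"[A-Za-z0-9-]+")
UNDERSCORE_NAME = re.compile(r"[A-Za-z0-9_-]+")


def nginx_variable(header):
    """$http_<name>: lowercased, hyphens replaced by underscores."""
    return "$http_" + header.lower().replace("-", "_")


def django_meta_key(header):
    """Key under which Django exposes the header in request.META."""
    key = header.upper().replace("-", "_")
    return key if key in ("CONTENT_TYPE", "CONTENT_LENGTH") else "HTTP_" + key


def accepted_by_nginx(header, underscores_in_headers=False):
    """True if nginx keeps a header with this name under the given setting."""
    pattern = UNDERSCORE_NAME if underscores_in_headers else DEFAULT_NAME
    return pattern.fullmatch(header) is not None


def trace_headers(raw_request, underscores_in_headers=False):
    """Per header: nginx variable, Django key, and whether nginx keeps it."""
    rows = []
    for line in raw_request.split("\r\n")[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        rows.append({
            "header": name,
            "value": value.strip(),
            "nginx_var": nginx_variable(name),
            "django_key": django_meta_key(name),
            "kept": accepted_by_nginx(name, underscores_in_headers),
        })
    return rows


# Constructed sample request: the second spelling uses underscores.
SAMPLE = (
    "GET / HTTP/1.1\r\n"
    "Host: proxy.example\r\n"
    "X-ABC-LOGIN-NAME: alice\r\n"
    "X_ABC_LOGIN_NAME: bob\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for row in trace_headers(SAMPLE):
        print(row)
```

Both spellings resolve to the same nginx variable and the same Django key, which is why nginx ignores the underscore form unless `underscores_in_headers on` is set.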

nginx – How to use Nginx as a reverse proxy to access OpenShift (OKD) 4.X?

How to use Nginx as a reverse proxy to access OpenShift (OKD) 4.X?

I’ve tried hundreds of setups for the reverse proxy (Nginx) and they all fail with the error “Application is not available” when we access the oauth-openshift.apps.mbr.some.dm route.

NOTE: This problem does not occur if we access this route directly (without using Reverse Proxy). Perhaps some information necessary for the route to be resolved is not being sent.

This is the basic configuration template we are using…

server {
    access_log /var/log/nginx/apps.mbr.some.dm-access.log;
    error_log /var/log/nginx/apps.mbr.some.dm-error.log;
    server_name ~^(?<subdomain>.+).apps.mbr.some.dm$;

    location / {
        proxy_pass https://10.2.0.18:443;
        proxy_set_header Host $subdomain.apps.mbr.some.dm;
        proxy_set_header X-Forwarded-For https://$subdomain.apps.mbr.some.dm$request_uri;
    }

    listen 443;
    ssl_certificate /etc/letsencrypt/live/apps.mbr.some.dm/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apps.mbr.some.dm/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

We also tested these parameters and got some problems as you can see below…

server {
    (...)
    location / {
        (...)
        proxy_ssl_certificate /etc/nginx/backend_ss_certs/apps.mbr.some.dm.crt;
        proxy_ssl_certificate_key /etc/nginx/backend_ss_certs/apps.mbr.some.dm.key;
        proxy_ssl_trusted_certificate /etc/nginx/backend_ss_certs/apps.mbr.some.dm.crt.key.pem;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_server_name on;
        proxy_ssl_session_reuse on;
        proxy_ssl_verify on;
        (...)
    }
    (...)
}

The certificates apps.mbr.some.dm.crt, apps.mbr.some.dm.key, apps.mbr.some.dm.crt.key.pem are the self-signed certificates used by OpenShift (OKD) to allow access to resources (HTTPS). However if we try to use these certificates with the reverse proxy (Nginx) the following error happens (“Bad Gateway”)…

2021/07/22 17:36:11 (error) 6999#6999: *1 upstream SSL certificate verify error: (21:unable to verify the first certificate) while SSL handshaking to upstream, client: 177.25.231.233, server: ~^(?<subdomain>.+).apps.mbr.brlight.net$, request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.2.0.18:443/favicon.ico", host: "oauth-openshift.apps.mbr.some.dm", referrer: "https://oauth-openshift.apps.mbr.some.dm/oauth/authorize?client_id=console&redirect_uri=https%3A%2F%2Fconsole-openshift-console.apps.mbr.some.dm%2Fauth%2Fcallback&response_type=code&scope=user%3Afull&state=ff6f3064"

NOTE: We tested the apps.mbr.some.dm.crt and apps.mbr.some.dm.crt.key.pem certificates using curl and both worked perfectly.

PLUS: We couldn’t find a way to diagnose/observe (logs) what goes wrong when the request arrives at the route oauth-openshift.apps.mbr.some.dm. I think this would help us figure out what’s going wrong.

reverse proxy – Apache – ProxyPassReverse multiple entries with same host

We have a configuration (not configured by me, and the dev who configured it is gone) like so:

<Proxy balancer://acluster>
BalancerMember ajp://10.10.10.1:8123 route=r1
BalancerMember ajp://10.10.10..1:8123 route=r2
</Proxy>
ProxyPass / balancer://acluster

#ProxyPassReverse / balancer://acluster
ProxyPassReverse / ajp://10.10.10.1:8123
ProxyPassReverse / ajp://10.10.10.1:8123

I am trying to find out what the purpose or effect is of having those multiple ProxyPassReverse entries instead of using the line which was commented out.
Thank you

ubuntu – How to handle proxy call in apache

I have a reverse proxy setup as follows in Apache:

Server A with address www.proxyserver.com/graphql is the reverse proxy server.

It maps to: Server B with address example.com

This kind of works properly in the development environment.

E.g., when the server calls a request /graphql?hash=600508575&identifier_1=%22new-main-menu%22&_currency=%22%22 then it redirects to https://proxyserver.com/graphql?hash=600508575&identifier_1=%22new-main-menu%22&_currency=%22%22

But in Apache, it doesn’t work. It calls http://example.com/graphql?hash=600508575&identifier_1=%22new-main-menu%22&_currency=%22%22

How do I fix this?

My reverse proxy is configured as follows on Server B (www.example.com):

<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/example.com/build
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ProxyPreserveHost On
    ProxyPass "/graphql" "https://proxyserver.com/graphql"
    ProxyPassReverse "/graphql" "https://proxyserver.com/graphql"
</VirtualHost>

And this is the Server A configuration:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin admin@arrowhitech.com
        DocumentRoot /etc/pub
        ServerName proxyserver.com
        ErrorLog logs/cezanno-error_log
        LimitRequestBody 104857600
        <Proxy "unix:/var/opt/remi/php73/run/php-fpm/php73-fpm.sock|fcgi://proxyserver.com">
            ProxySet timeout=100
        </Proxy>
        <FilesMatch \.(php|phar)$>
            SetHandler "proxy:fcgi://proxyserver.com"
        </FilesMatch>

        SSLCertificateFile /path/to/cert/directory/cert.pem
        SSLCertificateKeyFile /path/to/cert/directory/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /path/to/cert/directory/chain.pem
    </VirtualHost>
</IfModule>

hybrid solution – HTTP Error 400. The request hostname is invalid using SharePoint Application Proxy

Has anyone else experienced this error after completing the SharePoint Application Proxy deployment?

I have the Proxy connector set up and I have added all the required information in my Azure Active Directory (Internal URL and SPN for SSO). When I run the Test Application Proxy Configuration report, I have all green checkmarks (picture below). So I am confused as to why I am getting this error.

linux – ARP Proxy second IP of VPS to route it over Wireguard

I have set up an ARP proxy on my VPS. With this setup I can route incoming traffic on the second IP of my VPS over Wireguard. This should allow my Raspberry Pi at home to use the second public IP.

I got this kind of working. Incoming pings are forwarded over the Wireguard tunnel to the Pi. But the Pi then tries to answer the ping via eth0. Is there a way to fix this so it also sends the reply packets over the Wireguard interface?

To show this problem (both on the Raspberry Pi):

Wireguard Interface:

# tcpdump -i wg_pub
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg_pub, link-type RAW (Raw IP), capture size 262144 bytes
01:35:02.796522 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 1, length 64
01:35:03.795359 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 2, length 64
01:35:04.810613 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 3, length 64

Ethernet Interface:

# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:37:11.477589 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 128, length 64
01:37:12.491045 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 129, length 64
01:37:13.505965 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 130, length 64

I would like to avoid using a private subnet on the Wireguard tunnel.

One way I got this working was to add a static route (ip route add <First VPS IP>/32 dev eth0) and then overwrite the default route (ip route add 0.0.0.0/0 dev wg_pub). But this has the disadvantage of then routing all Internet traffic via the VPS.

proxy – How to use mobile data instead of wifi (while wifi is on) on Android Phone?

I am looking to use an Android phone as the proxy server, so I set up “Proxy Server” on my Android phone -> connected the phone to WiFi -> got the local IP of the phone -> connected to the phone through the LAN (from my local computer) through the proxy, and it is working, BUT the phone is using the same WiFi connection to connect back to the Internet.
So I have 2 questions:

1) Is there any way to force Android to use mobile data to access the Internet while it still has WiFi on?

2) I cannot connect through that proxy from the Internet when I am using the phone’s IP address. I am getting the error “Connection refused”. I did some research and it looks like some ISPs are blocking some or most ports. How do I deal with / bypass that?

Thank You Very Much
Any help greatly appreciated.

reverse proxy – Haproxy set Host Header per origin Server

We are trying to set the Host header per origin server. We can set it per backend, but we are using default names on Azure app services, and as such the service will only respond to its own hostname, for example

http-request set-header Host example1.azurewebsites.net # for origin server 1

http-request set-header Host example2.azurewebsites.net # for origin server 2

However, we can’t see any way to set this on the origin server itself

server svr_example1 xx.xx.xx.xx:443 id 10 weight 10 maxconn 25 cookie exa1 check ssl verify none

server svr_example2 xx.xx.xx.xx:443 id 10 weight 10 maxconn 25 cookie exa1 check ssl verify none

Something like

server svr_example1 xx.xx.xx.xx:443 id 10 weight 10 maxconn 25 cookie exa1 check ssl verify none http-request set-header Host example1.azurewebsites.net

server svr_example2 xx.xx.xx.xx:443 id 11 weight 10 maxconn 25 cookie exa1 check ssl verify none http-request set-header Host example2.azurewebsites.net

Using haproxy version 1.8.28

How to protect from CORS Proxy

With a CORS Proxy we can bypass CORS restrictions. It can strip away X-Frame-Options and Same Origin restrictions. The impact can be account compromise or clickjacking.

Is there a way to protect both origin and frontend from a CORS Proxy?

  1. For the origin, I want it to be unable to interact with any CORS Proxy

  2. For the frontend, I also want to prevent a CORS Proxy from being injected in URLs