Back-end operation support

When put behind a reverse-proxy, a Web server will identify the requests as coming from the IP address of reverse-proxy.

This is not usually useful as access logs of the back-end will be listing all the requests as coming from the same IP and the original IP of the client which made the original contact with the reverse-proxy will be lost. The only way to recover this information is to use scripts or to alter your Web applications to detect when they are used behind a revers-proxy and to program them to recover the IP address of the original client.

The Back-end operation support in Abyss Web Server was designed to overcome such difficulties with no scripts and no changes to your applications. It uses the information sent by the front-end to Abyss Web Server in special HTTP headers such as X-Forwarded-For and X-Host to recover the originating IP of the request as well as the originally requested host before the reverse proxy was called.

Configuring the back-end operation parameters

As an example, we'll assume that the computer which IP is 192.168.1.103 has a server which is configured as a reverse-proxy for another computer running Abyss Web Server.

When the front-end (192.168.1.103) receives a request from a client, it will forward it to Abyss Web Server, get the reply and transmit it back to the client.

By default, Abyss Web Server will see in such a setup all the request as coming from IP 192.168.1.103.

To enable back-end operation, and to have Abyss Web Server and its subsystems see the IP of the original client, follow the instructions below:

  • Open the console of Abyss Web Server.
  • Select Server Configuration.
  • Select Parameters.
  • Press Edit... in front of Back-end Operation Support.
  • Check Enable Back-end Operation.
  • Press Add in the Front-end Proxies table. This table should contains the IP addresses of the computers that Abyss Web Server should consider as recognized front-ends.
  • Enter the IP address of the front-end: in our example, enter 192.168.1.103 in IP Address/Range and press OK.
  • Press Add in the Forwarded-For Headers table. This table should list the names of the HTTP headers that Abyss Web Server will inspect to find the IP address of the original client which contacted the reverse-proxy.
  • Enter X-Forwarded-For in HTTP Header Name and press OK. X-Forwarded-For is usually the name of the header that most reverse-proxies will fill with the IP address of the original client.
  • Optionally, you can add X-Real-IP to Forwarded-For Headers as some old reverse-proxies fill that header with the IP address of the original client.
  • Press OK and restart Abyss Web Server.

Now whenever Abyss Web Server receives a request from 192.168.1.103, it will inspect its HTTP headers. If a header which name is X-Forwarded-For is found and contains a valid IP address, it will be used as the remote IP address of the request. This change will affect the REMOTE_ADDR CGI variable as well as the logged IP address.

Note

This feature is similar to what mod_rpaf offers when installed on Apache Web server.