Jetty的http-forwarded模块

启用http-forwarded模块,执行如下命令:

java -jar $JETTY_HOME/start.jar --add-modules=http-forwarded

命令的输出,如下:

INFO  : http-forwarded  initialized in ${jetty.base}/start.d/http-forwarded.ini
INFO  : Base directory was modified

http-forwarded模块的配置文件$JETTY_BASE/start.d/http-forwarded.ini,内容如下:

# ---------------------------------------
# Module: http-forwarded
# Enables processing of the "Forwarded" HTTP header (and its predecessors "X-Forwarded-*" HTTP headers).
# The "Forwarded" HTTP header is added by intermediaries to provide information about the clients.
# ---------------------------------------
--modules=http-forwarded

### ForwardedRequestCustomizer Configuration

## Whether to process only the RFC7239 "Forwarded" header.
## "X-Forwarded-*" headers are not processed.
# jetty.httpConfig.forwardedOnly=false

## Whether the address obtained from "Forwarded: by=" or
## "X-Forwarded-Server" is used in the request authority.
# jetty.httpConfig.forwardedProxyAsAuthority=false

## Whether the "X-Forwarded-Port" header is used in the request authority,
## or else it is the remote client port.
# jetty.httpConfig.forwardedPortAsAuthority=true

## The name of the RFC 7239 HTTP header.
# jetty.httpConfig.forwardedHeader=Forwarded

## The name of the obsolete forwarded host HTTP header.
# jetty.httpConfig.forwardedHostHeader=X-Forwarded-Host

## The name of the obsolete forwarded server HTTP header.
# jetty.httpConfig.forwardedServerHeader=X-Forwarded-Server

## The name of the obsolete forwarded scheme HTTP header.
# jetty.httpConfig.forwardedProtoHeader=X-Forwarded-Proto

## The name of the obsolete forwarded for HTTP header.
# jetty.httpConfig.forwardedForHeader=X-Forwarded-For

## The name of the obsolete forwarded port HTTP header.
# jetty.httpConfig.forwardedPortHeader=X-Forwarded-Port

## The name of the obsolete forwarded https HTTP header.
# jetty.httpConfig.forwardedHttpsHeader=X-Proxied-Https

## The name of the obsolete forwarded SSL session ID HTTP header.
# jetty.httpConfig.forwardedSslSessionIdHeader=Proxy-ssl-id

## The name of the obsolete forwarded SSL cipher HTTP header.
# jetty.httpConfig.forwardedCipherSuiteHeader=Proxy-auth-cert

各参数的说明,如下:

  • jetty.httpConfig.forwardedOnly
    是否仅处理标准的转发头部,跳过对非标扩展比如HTTP头部X-Forwarded-*的处理。
    默认值为false,即兼容非标HTTP头部X-Forwarded-*
    转发场景下的标准HTTP头部,可参考RFC文档Forwarded HTTP Extension
  • jetty.httpConfig.forwardedProxyAsAuthority
    从请求头部X-Forwarded-Server或者Forwarded: by=中得到的主机信息,是否参与认证。默认值为false
  • jetty.httpConfig.forwardedPortAsAuthority
    从请求头部X-Forwarded-Port获取到的端口信息,是否参与认证。默认值为true
  • jetty.httpConfig.forwardedHeader
    RFC文档Forwarded HTTP Extension中定义的转发头部,取值为Forwarded
  • jetty.httpConfig.forwardedHostHeader
    转发场景下的非标HTTP头部,取值为X-Forwarded-Host
  • jetty.httpConfig.forwardedServerHeader
    转发场景下的非标HTTP头部,取值为X-Forwarded-Server
  • jetty.httpConfig.forwardedProtoHeader
    转发场景下的非标HTTP头部,取值为X-Forwarded-Proto
  • jetty.httpConfig.forwardedForHeader
    转发场景下的非标HTTP头部,取值为X-Forwarded-For
  • jetty.httpConfig.forwardedPortHeader
    转发场景下的非标HTTP头部,取值为X-Forwarded-Port
  • jetty.httpConfig.forwardedHttpsHeader
    转发场景下的非标HTTP头部,默认值为X-Proxied-Https
  • jetty.httpConfig.forwardedSslSessionIdHeader
    默认值为Proxy-ssl-id
    参考代理和路由选择 URL中关于Client SSL Session ID Forwarding的说明,如下:

    默认 HTTP 标头称为 Proxy-ssl-id,但可以使用您选择的任何标头发送客户机的 SSL/TLS 会话 ID。

  • jetty.httpConfig.forwardedCipherSuiteHeader
    默认值为Proxy-auth-cert
    参考代理和路由选择 URL中关于Client SSL/TLS Certificate Forwarding的说明,如下:

    默认 HTTP 标头称为 Proxy-auth-cert,但可以使用您选择的任何标头发送客户机的 SSL/TLS 证书。

参考资料

posted @ 2024-03-10 19:16  jackieathome  阅读(21)  评论(0编辑  收藏  举报