Support for x-forwarded-prefix

[Tratcher]

dotnet/yarp#13 (comment)

When requests traverse a reverse proxy it's common to change parts of the url like the scheme (TLS offloading). That information is sent to the app via additional x-forwarded-* headers. The Forwarded Headers middleware reads these headers and fixes up the request fields so that the application can still properly generate links.

One common manipulation that's not currently supported is to Trim the start of the request path and forward that missing information as part the x-forwarded-PathBase header.

Example:
Original url: https://external.com/pathbase/path?query
Transformed request:
http://internal/path?query
x-forwarded-proto: https
x-forwarded-host: external.com
x-forwarded-pathbase: /pathbase

x-forwarded-pathbase is now supported by YARP and enabled by default.
https://microsoft.github.io/reverse-proxy/articles/transforms.html

[damianh]

I've extended HttpOverride with this functionality https://github.com/ProxyKit/HttpOverrides

[pksorensen]

I did not get any pathbase headers and added it manually. Is this due to the PathRemovePrefix transform that i had to added it manually like below?

{
        "RouteId": "API",
        "ClusterId": "serviceprovider",
        "Match": {
          "Methods": [ "GET", "POST", "PUT", "DELETE", "PATCH" ],
          "Path": "/api/{**catchall}"

        },
        "Transforms": [
          { "PathRemovePrefix": "/api" },
          {
            "RequestHeader": "X-Forwarded-PathBase",
            "Append": "/api"
          }
        ]
      },

[Tratcher]

@pksorensen let's keep YARP questions over at https://github.com/microsoft/reverse-proxy/.

/api isn't considered the path base in the above example. HttpRequest.PathBase is a field that's trimmed off the request path before routing starts. See the UsePathBase extension.

Your transforms look fine for your scenario.

[krispenner]

@Tratcher I've been trying to get this to work myself and from searching it seems the more common header name used across other frameworks is X-Forwarded-Prefix I recommend searching yourself. Whereas if you search for X-Forwarded-PathBase only ASP .NET Core based results come up with most referencing back to this issue or the YARP project. Just thought maybe you should switch to what appears to be the more popular name of X-Forwarded-Prefix instead? Or are these some how different? From my understanding they appear to be identical in their usage.

Also if anyone else comes across this, I got this working (for my needs anyways) with the below code as I don't see any support from MS for it yet.

app.Use(async (context, next) =>
{
    if (context.Request.Headers.TryGetValue("X-Forwarded-PathBase", out var pathBase))
    {
        context.Request.PathBase = pathBase.Last();

        if (context.Request.Path.StartsWithSegments(context.Request.PathBase, out var path))
        {
            context.Request.Path = path;
        }
    }

    await next();
});

[Tratcher]

@krispenner can you give some references for that? Searching, I see a number of questions about it but very few actually supporting it.

[krispenner]

Hi @Tratcher, here are some of the examples I found and I could list another 10 if I kept going. There is obviously no standard for this yet, but I'm only suggesting using the Prefix name as it seems to be what the broader community is using in relation to this feature and it was also my first search as it seems more intuitive (at least to me). PathBase is very ASP.NET Core specific, is only found in relation to YARP (no other library that I can find) and I'd just prefer MS doesn't create any fragmentation if/when this becomes an official standard. Just my 2c.

• Traefik reverse proxy (actual support)

  • The X-Forwarded-Prefix header can be queried to build such URLs dynamically.

• Parasoft reverse proxy support (actual support)

  • Configure your reverse proxy to send the following headers to DTP: X-Forwarded-Prefix

• GeneXus

  • There is a draft RFC request to Standarize a new Http Header for this scenario: "X-Forwarded-Prefix". However, is still not supported by many WebServers.

• Apache Flask (actual support)

  • are you setting the x-forwarded-prefix header in your apache conf?

• Kong API Gateway (actual support)

  • Kong will either send an existing X-Forwarded-Prefix header from a trusted sender or will generate a new X-Forwarded-Prefix header containing the entire path.

• Spring Cloud API Gateway (actual support)

  • I was happy to see that X-Forwarded-Prefix was added in 2.0.2.RELEASE

• Drupal support request

  • I expected that Drupal respects HTTP_X_FORWARDED_PREFIX and add this prefix to all href

• Humio (actual support)

  • Humio requires the proxy to add the header X-Forwarded-Prefix

• ProxyPrefix library

  • WSGI middleware to prefix SCRIPT_NAME with X-Forwarded-Prefix header. For services behind a reverse proxy so their URLs contain the proxied path.

[Tratcher]

@krispenner thanks, that's a good list. I filed a matching issue for YARP.