WildFly proxy with reuse-x-forwarded and rewrite-host

WildFly 33 preview allows to configure a Reverse proxy with the capability to propagate the reuse-x-forwarded and rewrite-host options. In this article we will learn what is the effect of enabling these options and how to configure them.

What is the purpose of reuse-x-forwarded and rewrite-host?

Firslty, let’s see what is the effect of using these options in a Reverse Proxy Schema.

reuse-x-forwarded: The reuse-x-forwarded header allows to maintain the original client’s IP address when requests pass through multiple proxies. This is crucial for:

    • Client Identification: It helps the backend server identify the true client IP address, which is essential for logging, security, and analytics1.
    • Load Balancing: In load-balanced environments, it ensures that the original client IP is passed to backend servers, allowing them to make decisions based on the client’s location or IP-specific rules1.
    wildfly reverse proxy reuse-x-forwarded

    rewrite-host: The rewrite-host header informs the backend server of the original host requested by the client. This is important for:

      • Generating Correct Links: It allows the server to generate appropriate links and references within the response, ensuring that the client receives the correct URLs2.
      • Host-Based Routing: It helps in scenarios where routing decisions are made based on the host header, ensuring that the request is handled correctly by the backend server3.

      WildFly Configuration

      Firstly, you need a version of WildFly 33 or newer. With WildFly 33 this feature is only available in the preview distribution.

      Next, you need to set up a reverse-proxy element in your undertow server. This article cover more in details the process: Configuring WildFly as Reverse Proxy

      Here, we will assume that you have the following reverse-proxy element in your configuration:

      /subsystem=undertow/configuration=handler/reverse-proxy=RevProxy/:add(connection-idle-timeout=60,problem-server-retry=30,session-cookie-names=JSESSIONID)

      Then, on top of your RevProxy element, you can set the attributes for rewrite-host-header and reuse-x-forwarded-header as follows:

      /subsystem=undertow/configuration=handler/reverse-proxy=RevProxy:write-attribute(name=rewrite-host-header,value=true)
      
      /subsystem=undertow/configuration=handler/reverse-proxy=RevProxy:write-attribute(name=reuse-x-forwarded-header, value=true)

      Once you reload your configuration, you will see the attributes in the handlers section of your undertow server:

      <handlers>
      	<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
      	<reverse-proxy name="RevProxy" session-cookie-names="JSESSIONID" problem-server-retry="30" connection-idle-timeout="60" reuse-x-forwarded-header="true" rewrite-host-header="true"/>
      </handlers>

      Conclusion

      This article was a quick walk through on how to include in your undertow proxy configuration the rewrite-host-header and reuse-x-forwarded-headers . These headers are essential for maintaining accurate client information and ensuring that the backend servers can handle requests appropriately, even when they pass through multiple proxies. Let’s see how to configure them in WildFly.