From fd8577a0f4ea54d5dbf56de2ed8d45fadb65bbf0 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Thu, 30 May 2002 10:19:49 +0000
Subject: [PATCH] Add X-Forwarded-Host and X-Forwarded-Server to
 X-Forwarded-For to the proxy. PR: Obtained from: Submitted by:	Thomas Eibner
 <thomas@stderr.net> Reviewed by:	Graham Leggett

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@95398 13f79535-47bb-0310-9956-ffa450edef68
---
 src/CHANGES                    |  3 +++
 src/modules/proxy/proxy_http.c | 28 ++++++++++++++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/CHANGES b/src/CHANGES
index 633b4af8c41..f993bfc80d9 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 1.3.25
 
+  *) Add X-Forwarded-Host and X-Forwarded-Server to X-Forwarded-For
+     to the proxy. [Thomas Eibner <thomas@stderr.net>]
+
   *) Fix a problem in mod_proxy: it would not set the number of bytes
      transferred, so other modules could not access the value from
      the request_rec->bytes_sent field.
diff --git a/src/modules/proxy/proxy_http.c b/src/modules/proxy/proxy_http.c
index 7ca2395554f..6a12ea20642 100644
--- a/src/modules/proxy/proxy_http.c
+++ b/src/modules/proxy/proxy_http.c
@@ -345,11 +345,31 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
             );
     }
 
-    /*
-     * Add X-Forwarded-For: so that the upstream has a chance to determine,
-     * where the original request came from.
+    /* the X-* headers are only added if we are a reverse
+     * proxy, otherwise we would be giving away private information.
      */
-    ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip);
+    if (r->proxyreq == PROXY_PASS) {
+        const char *buf;
+
+        /*
+         * Add X-Forwarded-For: so that the upstream has a chance to determine,
+         * where the original request came from.
+         */
+        ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip);
+
+        /* Add X-Forwarded-Host: so that upstream knows what the
+         * original request hostname was.
+         */
+        if ((buf = ap_table_get(r->headers_in, "Host"))) {
+            ap_table_mergen(req_hdrs, "X-Forwarded-Host", buf);
+        }
+
+        /* Add X-Forwarded-Server: so that upstream knows what the
+         * name of this proxy server is (if there are more than one)
+         * XXX: This duplicates Via: - do we strictly need it?
+         */
+        ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname);
+    } 
 
     /* we don't yet support keepalives - but we will soon, I promise! */
     ap_table_set(req_hdrs, "Connection", "close");
-- 
2.47.2