Reverse proxies in Jitterbit App Builder
Overview
In some environments, App Builder may be deployed behind a reverse proxy. The reverse proxy can mask details about the client connection, including the source IP address and whether or not the connection is secure. Usually, proxy servers preserve the pertinent information in custom HTTP headers. The de facto standard for this is X-Forwarded-For and related headers.
When configured appropriately, App Builder can extract details about the original connection from custom HTTP headers. This requires manually adding application settings to the Web.config file in the App Builder root directory. Since each proxy server is different, and custom HTTP headers can be forged, these settings are not configured by default.
Settings
Name | Description | Example |
---|---|---|
ForwardedClientIpHeader | Client IP address. | X-Forwarded-For |
ForwardedSchemeHeader | Client connection scheme (e.g. HTTP or HTTPS). | X-Forwarded-Proto |
ForwardedHostHeader | Client connection host and optional port number | X-Forwarded-Host |
ForwardedPortHeader | Client connection port number (e.g. 80 or 443) | X-Forwarded-Port |
Example configuration
{
"ReverseProxy": {
"ForwardedClientIpHeader": "X-Forwarded-For",
"ForwardedSchemeHeader": "X-Forwarded-Proto",
"ForwardedHostHeader": "X-Forwarded-Host",
"ForwardedPortHeader": "X-Forwarded-Port"
}
}
Amazon Web Services
In an Amazon Elastic Beanstalk environment, Elastic Load Balancers (ELBs) function as reverse proxies, terminating HTTPS connections. ELBs support the X-Forwarded-*
headers. When deployed within an Elastic Beanstalk environment, App Builder will be configured automatically using Elastic Beanstalk environment properties.