How to use https in the host header of a post request - http

https://my.example.com works in browser while my.example.com:443 does not, but I need to use the former in a Host Header of a POST request but the Host header can't contain slashes so I'm not sure what to do

Related

Rewrite the referer header when using ngrok

I want to create an ngrok tunnel to a router admin web interface that requires the Referer header to be set to the router's base URL, any request without the Referer set to (in my case) http://192.168.1.1/ will fail with a HTTP 403.
I've been trying to use the --request-header-add option:
ngrok http --request-header-add 'referer: http://192.168.1.1/' 192.168.1.1:80
but it complains about wrong format, since the value contains a colon in the http:// part:
ERROR: Added request header should be in key:value format, got referer: http://192.168.1.1/
ERROR:
ERROR: ERR_NGROK_370
Is there really no way to rewrite / add a referer header?
I had same issue with router (opnsense) and I fixed it be removing the referer header all together (as I did not find a way to set it using ngrok)
e.g.:
ngrok http --host-header=rewrite --request-header-remove 'referer' 192.168.1.1:80
One way I have made it work was passing a value as a string.
ngrok http --request-header-add "referer: ${URL}" 192.168.1.1:80
By making it double quotes instead of single ones and making the URL a variable.
Hope that helps you.

Difference between origin and x-forwarded-host http header

At work we use several websites with several virtual hosts.
I understand what a Virtual Host is, but I don't understand the difference between the Origin and X-forwarded-Host headers. (We use both of these headers at work.)
Examples from MDN:
X-forwarded-Host=X-Forwarded-Host: ==>X-Forwarded-Host: id42.example-cdn.com
Origin==Origin: "://" [ ":" ]==>Origin: https://developer.mozilla.org
From what I deduce from the above examples is that: X-forwarded-Host just contains the host and Origin contains the host plus the method and maybe the port.
Can someone told me if I'm wrong?
When a request is made to a website, the user-agent (browser) will add a Host header to the request. The value of this header will be domain name that the request is made to. This header can be used by the server to distinguish which website you are trying to visit, for instance when the same server hosts multiple websites.
If you are using a reverse proxy, the the Host header will contain the value of the reverse proxy itself. In order to know to the original host, the X-forwarded-Host can be used. This header contains what the proxy initially received as Host.
Example: If you make a GET request to https://stackoverflow.com, the Host (or after the proxy X-forwarded-Host) header will always have the value stackoverflow.com.
The Origin header is not related to this. This header tells you from which site the request is made.
For instance, if you have a <form> on example.com that makes a POST request to stackoverflow.com, the Host will be stackoverflow.com (the domain the request is sent to), while the Origin will have the value https://example.com.
For a demonstration you can visit this link: https://jsfiddle.net/parcqhn4/
If you open the "Network" tab in your developer tools and hit the "Submit" button, you can see that the Host header contains the value example.com (which is in the action of the <form>) while the Origin contains the value https://fiddle.jshell.net (which is container that the Fiddle runs in).

Can I redirect a request with code 302 to another port without using the HOST variable?

In the HTTP protocol, there are multiple status codes that can be used to redirect a request to another URL, such as 301 Moved Permanently or 302 Found. To my knowledge, the target URL can either contain a host (http://example.com/example.html) or let the host implicitly be the current host (/example.html).
When using the first form, one can redirect to a non-standard port (http://example.com:8080/example.html). How can this be done when not specifying the host?
Currently, I parse the HOST request header and build the new URL. But AFAIK, that header is not strictly required to be sent, so I want to avoid it.
You can't specify just the port in a redirect. And yes, the "Host" header field is strictly required in HTTP/1.1.

Nginx - Access Http custom headers

I have a simple requirement. I have a nginx web server and a netscaler proxy. From netscaler, the option Client_IP header is checked, and name of header is HTTP_CLIENT_IP.
I want to access this ip in nginx log. I have specified a custom log format, so i can access this value:
I have tried the following variables in the log format, and they just return in '-'.
$http_client_ip
$http_request_body
Basically, i want to read the entire request header / body that nginx receives from netscaler.
Any help would be appreciated !
Netscaler inserts a http header with the client ip, if enabled. However You have to configure the http header name on the netscaler.

How does a webserver know what website you want to access?

Apache has something called VirtualHosts.
You can configure it in that way that when you go to example.com get a different site than example2.com even if you use the same IP's.
A HTTP Request looks something like this:
GET /index.html HTTP/1.0
[some more]
How does the server know you are trying to access www.example.com or www.example2.com?
In addition to the GET line, the browser sends a number of headers. One of these headers is the Host header, which specifies which host the request is targeted at.
A simple example request could be:
GET /index.html HTTP/1.0
Host: example.com
This indicates that the browser wants whatever is at http://example.com/index.html, and not what is at http://example2.com/index.html.
Further information:
The Host header in the HTTP specification
IIS also has this and I believe refers to it as host header redirection.
The http packet header contains the destination hostname which the server uses to determine which website to serve up. Some more reading: http://www.it-notebook.org/iis/article/understanding_host_headers.htm

Resources