Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 5601
Status: resolved
Priority: 0/
Queue: CGI

Owner: Nobody in particular
Requestors: adamk [...]

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)

Subject: http(), url() and HTTP_HOST vs HTTP_X_FORWARDED_HOST (3.0+)
Download (untitled) / with headers
text/plain 1.8k
I have a situation where an Apache/Squid type proxy is passing a request through to a jailed server for processing, which generates and environment as follows CACHED_CORE="plus11" DOCUMENT_ROOT="/usr/local/www/data" GATEWAY_INTERFACE="CGI/1.1" HTTP_ACCEPT="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1" HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7" HTTP_ACCEPT_ENCODING="gzip,deflate" HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5" HTTP_CONNECTION="close" HTTP_HOST="" HTTP_USER_AGENT="Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7" HTTP_X_FORWARDED_FOR="" HTTP_X_FORWARDED_HOST="" HTTP_X_FORWARDED_SERVER="" PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin" QUERY_STRING="" REMOTE_ADDR="" REMOTE_PORT="3511" REQUEST_METHOD="GET" REQUEST_URI="/printenv.cgi" SCRIPT_FILENAME="/usr/local/www/data/printenv.cgi" SCRIPT_NAME="/printenv.cgi" SERVER_ADDR="" SERVER_ADMIN="" SERVER_NAME="" SERVER_PORT="80" SERVER_PROTOCOL="HTTP/1.1" SERVER_SIGNATURE="<address>Apache Server at <a href=\"\"></a> Port 80</address>\n" SERVER_SOFTWARE="Apache" TEMP_PATH="/usr/local/www/store/" Now, to generate a self-referential url using CGI::url() at... ...because of the proxying, we get... ... which is useless to anyone on the internet. I'm wondering if C< http('host'); > ought to return HTTP_X_FORWARDED_HOST if it exists, in preference to HTTP_HOST. For the moment, at the beginning of my program, I'm doing a $ENV{HTTP_HOST} = $ENV{HTTP_X_FORWARDED_HOST} if $ENV{HTTP_X_FORWARDED_HOST} to get around this issue.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to