发表新帖
发表新帖

.net Core X Forwarded Proto not working

后端 未结
关注
2 1809
离开以前
离开以前 2020-12-14 17:07

I am working to get my .net core 1.1 application working behind a load balancer and enforcing https. I have the following setup in my Startup.cs

public void
相关标签:
2条回答
  • 长情又很酷
    2020-12-14 17:51

    .net Core has a default set for the forwarded headers. It defaults to 127.0.0.1, for IIS integration. After tracking down the source code, you can clear the Known Networks and Known Proxies to accept any forwarded requests. Still best to have a firewall setup or lock the known networks down to a private subnet.

        var forwardingOptions = new ForwardedHeadersOptions()
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    };
    forwardingOptions.KnownNetworks.Clear(); //Loopback by default, this should be temporary
    forwardingOptions.KnownProxies.Clear(); //Update to include
    app.UseForwardedHeaders(forwardingOptions);

    Update for dotnet net core 2.x. Set the IP of the your proxy/load balancer or the private network after debugging the issue. This prevents bypassing your proxy/load balancer and faking the forwarded-for headers. 

    services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardLimit = 2;
    options.KnownProxies.Add(IPAddress.Parse("192.168.1.5")); //Replace with IP of your proxy/load balancer
    options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("192.168.1.0"),24));;
}) //192.168.1.0/24 allows any from 192.168.1.1-254;

    https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-2.2#forwarded-headers-middleware-options

    0 讨论(0)
  • 忘掉有多难
    2020-12-14 18:02

    If you are using a load balancer, it is common to have the load balance terminate the SSL connection and send the request to your application over HTTP.

    This worked for me. I am using SSL termination on AWS Load Balancer. 

    app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedProto
});

    What this does is updates the Request.Scheme with the X-Forwarded-Proto header so that all redirects link generation uses the correct scheme.

    X-Forwarded-Proto: The scheme from the original client and proxies.

    0 讨论(0)
 看不清?
提交回复
热议问题