Contact usRequest a demo

This document describes version 5 of Unblu. If you’re using the latest major version of Unblu, go to the documentation of the latest version.

The support period for version 5 ended on 22 November 2021. We no longer provide support or updates for this version. You should upgrade to the latest version of Unblu.

X-Forwarded-Proto Header

The terms 'Web Application Firewall' (WAF) and 'Proxy' both refer to the Airlock WAF.

Your server access logs contain the protocol used between the server and the Web Application Firewall, but not the protocol used between the client and the Web Application Firewall.

The X-Forwarded-Proto header is a standard header for identifying the protocol (HTTP or HTTPS). It is set on each HTTP request by the proxy and can be used by a server application to determine what protocol the client used to connect to your proxy (Airlock WAF).

In order to determine the protocol used between the client and the WAF you must enable the X-Forwarded-Proxy header using the Airlock WAF interface. (The Unblu server is already coded to check for the X-Forwarded-Proto header.)

The instructions below were supplied by Ergon (the Airlock WAF manufacturer). It may be useful for you to access the following links for more information:

The Airlock Knowledge Base for more on installing the Airlock WAF

Configuring the X-Forwarded-Proto Header

In the Application Firewall  Reverse Proxy administration screen, select the SG Expert Settings tab.

The ICAP service can already determine the front-end protocol used today. Using the SG Expert Settings tab additional ICAP headers can be defined:

SecurityGateway * Icap.Action.4.Header.Insert.Name "X-Forwarded-Proto"

SecurityGateway * Icap.Action.4.Header.Insert.Value "%ENTRYPROTOCOL%"

The number "4" refers to the nth defined ICAP service. You must use the correct number, which is defined in the "default settings file" / "Generated Config".