3

Ok.. this is rather strange, but I need to replace X-forwarded-for value.

We are using SAP B1, and for some various reason, it needs x-forwarded-for contains only one string "https://sap.domain.tld:443" and only that value. No other hosts, and no comma. Exactly as that.

Now, I am using various proxies and cloudflare, thus adding some values in X-forwarded-for that I have to remove to access SAP B1 Web Access. I need all those values removed.

Below is my configuration in apache:

    SSLEngine On
    SSLCertificateFile      /etc/ssl/crt/sap.crt
    SSLCertificateKeyFile /etc/ssl/private/4096.key
    SSLCACertificateFile    /etc/ssl/ca/ca.crt

    SSLProxyEngine On
    SSLProxyCheckPeerCN off
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProtocol -all +TLSv1.2 +TLSv1.1 +TLSv1
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA$

    ProxyPreserveHost On
    ProxyVia full
    ProxyPass / https://10.1.1.1:8100/
    ProxyPassReverse / https://10.1.1.1:8100/
    ProxyAddHeaders off
    RequestHeader unset X-forwarded-for
    RequestHeader set X-Forwarded-For "https://sap.domain.tld:443"

I have added ProxyAddHeaders off but apache still adds new X-Forwarded-For. How can I remove them all?

prd
  • 600

1 Answers1

5

I recently ran into a similar problem. For me it turned out that ProxyAddHeaders off didn't work in <VirtualHost> context (despite the docs). After putting the directive in a <Location> context Apache stopped adding X-Forwarded-* headers as expected.

Yours might look as follows...

<Location />
    ...
    ProxyPass https://10.1.1.1:8100/
    ProxyPassReverse https://10.1.1.1:8100/
    ProxyAddHeaders off
    RequestHeader unset X-forwarded-for
    RequestHeader set X-Forwarded-For "https://sap.domain.tld:443"
</Location>
Jörg Schulz
  • 160