Skip to Content

Reverse proxies in Jitterbit App Builder

Overview

In some environments, App Builder may be deployed behind a reverse proxy. The reverse proxy can mask details about the client connection, including the source IP address and whether or not the connection is secure. Usually, proxy servers preserve the pertinent information in custom HTTP headers. The de facto standard for this is X-Forwarded-For and related headers.

When configured appropriately, App Builder can extract details about the original connection from custom HTTP headers. This requires manually adding application settings to the Web.config file in the App Builder root directory. Since each proxy server is different, and custom HTTP headers can be forged, these settings are not configured by default.

Settings

Name Description Example
ForwardedClientIpHeader Client IP address. X-Forwarded-For
ForwardedSchemeHeader Client connection scheme (e.g. HTTP or HTTPS). X-Forwarded-Proto
ForwardedHostHeader Client connection host and optional port number X-Forwarded-Host
ForwardedPortHeader Client connection port number (e.g. 80 or 443) X-Forwarded-Port

Example configuration

{
  "ReverseProxy": {
    "ForwardedClientIpHeader": "X-Forwarded-For",
    "ForwardedSchemeHeader": "X-Forwarded-Proto",
    "ForwardedHostHeader": "X-Forwarded-Host",
    "ForwardedPortHeader": "X-Forwarded-Port"
  }
}

Amazon Web Services

In an Amazon Elastic Beanstalk environment, Elastic Load Balancers (ELBs) function as reverse proxies, terminating HTTPS connections. ELBs support the X-Forwarded-* headers. When deployed within an Elastic Beanstalk environment, App Builder will be configured automatically using Elastic Beanstalk environment properties.