Skip to Content

Reverse proxies


In some environments, Vinyl may be deployed behind a reverse proxy. The reverse proxy can mask details about the client connection, including the source IP address and whether or not the connection is secure. Usually, proxy servers preserve the pertinent information in custom HTTP headers. The de facto standard for this is X-Forwarded-For and related headers.

When configured appropriately, Vinyl can extract details about the original connection from custom HTTP headers. This requires manually adding application settings to the Web.config file in the Vinyl root directory. Since each proxy server is different, and custom HTTP headers can be forged, these settings are not configured by default.


Name Description Example
ForwardedClientIpHeader Client IP address. X-Forwarded-For
ForwardedSchemeHeader Client connection scheme (e.g. HTTP or HTTPS). X-Forwarded-Proto
ForwardedHostHeader Client connection host and optional port number X-Forwarded-Host
ForwardedPortHeader Client connection port number (e.g. 80 or 443) X-Forwarded-Port

Example configuration

  "ReverseProxy": {
    "ForwardedClientIpHeader": "X-Forwarded-For",
    "ForwardedSchemeHeader": "X-Forwarded-Proto",
    "ForwardedHostHeader": "X-Forwarded-Host",
    "ForwardedPortHeader": "X-Forwarded-Port"

Amazon Web Services

In an Amazon Elastic Beanstalk environment, Elastic Load Balancers (ELBs) function as reverse proxies, terminating HTTPS connections. ELBs support the X-Forwarded-* headers. When deployed within an Elastic Beanstalk environment, Vinyl will be configured automatically using Elastic Beanstalk environment properties.