I'm not an expert at all, but I recently needed to set the X-Forwarded-Proto header from the CloudFront-Forwarded-Proto header. This is how I did it:
- Go to the frontend and scroll down to Actions
- From the Action dropdown select
http-request header set
- For Name set
X-Forwarded-Proto
- For Fmt set
%[req.hdr(CloudFront-Forwarded-Proto)]
- Under Condition acl names select the ACL representing your backend
But adding them as lines in Advanced pass thru will probably work too. To answer your question specifically, from what I can find in section 7.3.3 of the official docs, I think you can do something like this:
http-request set-header Host ??? -> http-request set-header Host %[bc_src] (bc_src)http-request set-header X-Real-IP ??? -> http-request set-header X-Real-IP %[src] (src)http-request set-header X-Forwarded-Proto ??? -> http-request set-header X-Forwarded-Proto %[dst_port] (dst_port)
I used the pfSence GUI as described above and used Openresty to log the result:
2022/03/10 15:24:12 [crit] 8#8: *2 [lua] request_logger.lua:35: {"response":{"time":1646925852.22,"body":"GET \/abc x=2&y=z\n","headers":{"connection":"close","content-type":"text\/html","transfer-encoding":"chunked"},"status":200,"duration":"0.000"},"request":{"host":"jpl-pfsense.local.lan","uri":"\/abc","post_args":{},"method":"GET","headers":{"host":"jpl-pfSense.local.lan","user-agent":"curl\/7.79.1","accept":"*\/*","x-forwarded-proto":"80","x-real-ip":"10.33.20.127"},"get_args":{"y":"z","x":"2"},"time":1646925852.22}} while logging request, client: 10.33.30.1, server: _, request: "GET /abc?x=2&y=z HTTP/1.1", upstream: "http://127.0.0.1:8081/abc?x=2&y=z", host: "jpl-pfSense.local.lan"
Specifically:
"request": {
...
"headers": {
"host": "jpl-pfSense.local.lan",
...
"x-forwarded-proto": "80",
"x-real-ip": "10.33.20.127"
},
...
}
I know I'm late, but hope this helps.
