Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Code Block
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
ProxyPass /idp http://localhost:8080/idp connectiontimeout=5 timeout=15
RequestHeader set REMOTE-USER %{REMOTE_USER}s

Supporting X-Forwarded-For


If your running the Jetty engine behind a proxy or load balancer and would rather the logs contain the IP of the client instead of the IP of the load balancer, here is what you need to do for Jetty 9.3Jetty 9.3 has built-in support for forwarding the client address and other details via headers.


As with any proxied deployment, you MUST take care to lock down the path between the proxy and the Jetty server, and the proxy MUST have support for sanitizing and preventing any client attempt to smuggle and hijack those headers. Failure to do so will result in a variety of security compromises. There are many other considerations to proxying far beyond the scope of this document.

  1. Copy the file JETTY_BASE/etc/jetty.xml  to JETTY_HOME/etc/jetty.xml
  2. Edit the file in JETTY_HOME/etc/jetty.xml, locate the:


Code Block
<Call name="addCustomizer">
      <New class="org.eclipse.jetty.server.ForwardedRequestCustomizer" >
         <Set name="forwardedForHeader">X-MyCustom-Header</Set>