ForwardedHeadersMiddleware: Multiple X-Forwarded-Host entries - how to use a specific value for Request.Host?

[johanndev]

Hi!

I'm running an ASP.NET Core app behind two proxies:

Internet ---> Load Balancer ---> OpenShift Ingress ---> My ASP.NET Core Application

Inspecting the X-Forwarded-Host-Header shows that both addresses are preserved in the header, e.g., X-Forwarded-Host: example.com, internal-cluster-address.mycluster.com. Logging the Request.Host Property shows that the right-most address was picked by the ForwardedHeadersMiddleware (internal-cluster-address.mycluster.com). This is in line with the documentation: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-9.0#troubleshoot

This is a problem, because Request.Host gets used during generation of Redirect-Uris while authenticating via OpenIdConnect and a cluster-internal address is obviously of no use to the users.

How can I configure the middleware to use a specific value from the set of available X-Forwarded-Host Values?

Thanks!

[johanndev]

Figured it out!

KnownNetworks and KnownProxies (these default to loopback addresses) have to be cleared and the ForwardLimit (defaults to 1) has to be set to 2 in my scenario:

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.All;
    options.ForwardLimit = 2;
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

Now the redirect URI generation works as expected.