diff --git a/docs/manual/src/docs/asciidoc/_includes/proxy-server.adoc b/docs/manual/src/docs/asciidoc/_includes/proxy-server.adoc new file mode 100644 index 0000000000..eff769623d --- /dev/null +++ b/docs/manual/src/docs/asciidoc/_includes/proxy-server.adoc @@ -0,0 +1,11 @@ +[[appendix-proxy-server]] +== Proxy Server Configuration + +When using a proxy server it is important to ensure that you have configured your application properly. +For example, many applications will have a load balancer that responds to request for https://example.com/ by forwarding the request to an application server at http://192.168.1:8080 +Without proper configuration, the application server will not know that the load balancer exists and treat the request as though http://192.168.1:8080 was requested by the client. + +To fix this you can use https://tools.ietf.org/html/rfc7239[RFC 7239] to specify that a load balancer is being used. +To make the application aware of this, you need to either configure your application server aware of the X-Forwarded headers. +For example Tomcat uses the https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html[RempteIpValve] and Jetty uses http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/ForwardedRequestCustomizer.html[ForwardedRequestCustomizer]. +Alternatively, Spring 4.3+ users can leverage https://github.com/spring-projects/spring-framework/blob/v4.3.3.RELEASE/spring-web/src/main/java/org/springframework/web/filter/ForwardedHeaderFilter.java[ForwardedHeaderFilter]. \ No newline at end of file diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index 396688c806..32e7db708e 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -9942,6 +9942,8 @@ Provides Spring Security's JSP tag implementations. | Required if you are using SPEL expressions in your tag access constraints. |=== +include::{include-dir}/proxy-server.adoc[] + include::{include-dir}/faq.adoc[] include::{include-dir}/migrating.adoc[]