How to resolve 400 Bad Request problem while retaining Host header from inbound request?

I have already referred to this thread: https://community.apigee.com/questions/3829/how-can-we-retain-host-header-from-inbound-request.html

Issue:

My client apps are trying to connect to a host (e.g. api.xyz.com) in my inbound request, but this header gets overridden by Apigee and resolves to the specified target server (e.g. targetserver-xyz.com, our reverse proxy). Since we have a reverse proxy sitting in front of our backend, our API backend thinks that the request host is targetserver-xyz.com while it was actually api.xyz.com. Due to this, our HATEOAS links are messed up.

1 ACCEPTED SOLUTION

I think the right way to handle this is by using the 'X-Forwarded-Host' header. You can set this header before Apigee calls the backend.

So, Apigee would call your backend like this:

    GET /abc
    Host: targetserver-xyz.com
    X-Forwarded-Host: api.xyz.com

Your API backend should take the X-Forwarded-Host for constructing the HATEOAS response links.

------

Alternatively, the community post should also work. I think your reverse proxy might be doing 'host' validation [or blocking] that is not allowing this host name 'api.xyz.com'.

What's your reverse proxy? Can you check the host configuration? Or please post the error response you are getting in your HTTP 400.


4 REPLIES 4

Can you state your situation more clearly please?

1. What are you doing?

2. What are you seeing?

3. What are you expecting to see?

"It's messed up" is not enough. Can you be clearer? Be as specific as possible. Give specific messages and formats. Ideally format them with the "Code" button in the editor here, so that

<xml>
  <code> appears as </code>
</xml>

Thanks @Dino. I think we could have been more clear here. Adding details here so that it can help someone else:

1. What are you doing? The client invokes GET api.xyz.com/abc resource and we are returning HATEOAS links in the response.

2. What are you seeing? Our HATEOAS links' base URL was resolved as targetserver-xyz.com, i.e.

example account URL in response: https://targetserver-xyz.com/user/accountdetails; however, we expected it to be https://api.xyz.com/user/accountdetails

In our Apigee code, we had our target host as https://targetserver-xyz.com

3. What are you expecting to see? We expected it to be https://api.xyz.com/user/accountdetails

We added the X-Forwarded-Host header to resolve the issue.

Thanks @Mukundha. Adding X-Forwarded-Host as a custom header in the request flow helps. We did something like this:

<Header name="X-Forwarded-Host">{request.header.host}</Header>

With this change, and assuming your web server is configured to forward the host headers, our backend sees that the request was for api.xyz.com and not targetserver-xyz.com.
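
The accepted answer has the backend build its HATEOAS links from X-Forwarded-Host. The following is an added example, not code from this thread or from Apigee, of how a Python backend could do that while accepting only known public hostnames, since the header is only as trustworthy as the proxy that sets it. The allow-list, the function names and the lower-cased header dict are assumptions made for illustration.

```python
import re

# Assumption: the public hostnames of the API are known at deploy time.
# "api.xyz.com" is the example name used in the thread.
ALLOWED_PUBLIC_HOSTS = frozenset({"api.xyz.com"})

# hostname with an optional :port, nothing else (no spaces, CR/LF, slashes)
_HOST_RE = re.compile(r"([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(\d{1,5}))?")


def public_host(headers, allowed=ALLOWED_PUBLIC_HOSTS):
    """Pick the host to put into generated links.

    headers: dict of request headers with lower-cased names (hypothetical
    shape; adapt to your framework). X-Forwarded-Host is used only when it
    is well formed and on the allow-list; otherwise fall back to Host.
    """
    fallback = headers.get("host", "")
    forwarded = headers.get("x-forwarded-host")
    if not forwarded:
        return fallback
    # If several proxies appended values, the first one is the original host.
    candidate = forwarded.split(",")[0].strip().lower()
    match = _HOST_RE.fullmatch(candidate)
    if match is None or match.group(1) not in allowed:
        return fallback  # unknown or malformed value: do not reflect it
    return candidate


def hateoas_link(headers, path, scheme="https"):
    """Build an absolute link for a resource path such as /user/accountdetails."""
    return f"{scheme}://{public_host(headers)}{path}"


if __name__ == "__main__":
    # Constructed request headers matching the exchange shown in the thread.
    sample = {"host": "targetserver-xyz.com", "x-forwarded-host": "api.xyz.com"}
    print(hateoas_link(sample, "/user/accountdetails"))
```
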