Multiple reverse proxies create unreadable hostname #1576

New Issue

Closed

opened 2025-12-29 16:33:08 +01:00 by adam · 4 comments

adam commented 2025-12-29 16:33:08 +01:00

Owner

Copy Link

Originally created by @callumstrubi on GitHub (Feb 27, 2018).

Issue type

[ ] Feature request
[x] Bug report
[ ] Documentation

Environment

• Python version: 3.4.5
• NetBox version: 2.2.10

Description

Environment: CentOS 7 with local postgres database configured as per instructions with supervisor and gunicorn.

Front-end web traffic arrives at a different host entirely that reverse proxies the traffic onto the apache service running the netbox service.

Web Traffic > Front-End Proxy Server > Back-End Proxy server running WSGI > WSGI Service from Supervisor > Netbox Code

When using an additional reverse proxy that points to apache and then onto the supervisor service you end up with an X-FORWARDED-HOST that contains all of the hostnames and as such cannot be loaded (does not match RFC pattern). Django has some ways of dealing with this with some custom projects, but a simpler (though less secure) fix was to disable use of X-FORWARDED-HOST. Proper support for this could be trivial with Django middleware.

Originally created by @callumstrubi on GitHub (Feb 27, 2018). <!-- Before opening a new issue, please search through the existing issues to see if your topic has already been addressed. Note that you may need to remove the "is:open" filter from the search bar to include closed issues. Check the appropriate type for your issue below by placing an x between the brackets. For assistance with installation issues, or for any other issues other than those listed below, please raise your topic for discussion on our mailing list: https://groups.google.com/forum/#!forum/netbox-discuss Please note that issues which do not fall under any of the below categories will be closed. Due to an excessive backlog of feature requests, we are not currently accepting any proposals which extend NetBox's feature scope. Do not prepend any sort of tag to your issue's title. An administrator will review your issue and assign labels as appropriate. ---> ### Issue type [ ] Feature request <!-- An enhancement of existing functionality --> [x] Bug report <!-- Unexpected or erroneous behavior --> [ ] Documentation <!-- A modification to the documentation --> <!-- Please describe the environment in which you are running NetBox. (Be sure to verify that you are running the latest stable release of NetBox before submitting a bug report.) If you are submitting a bug report and have made any changes to the code base, please first validate that your bug can be recreated while running an official release. --> ### Environment * Python version: 3.4.5<!-- Example: 3.5.4 --> * NetBox version: 2.2.10<!-- Example: 2.1.3 --> <!-- BUG REPORTS must include: * A list of the steps needed for someone else to reproduce the bug * A description of the expected and observed behavior * Any relevant error messages (screenshots may also help) FEATURE REQUESTS must include: * A detailed description of the proposed functionality * A use case for the new feature * A rough description of any necessary changes to the database schema * Any relevant third-party libraries which would be needed --> ### Description Environment: CentOS 7 with local postgres database configured as per instructions with supervisor and gunicorn. Front-end web traffic arrives at a different host entirely that reverse proxies the traffic onto the apache service running the netbox service. Web Traffic > Front-End Proxy Server > Back-End Proxy server running WSGI > WSGI Service from Supervisor > Netbox Code When using an additional reverse proxy that points to apache and then onto the supervisor service you end up with an X-FORWARDED-HOST that contains all of the hostnames and as such cannot be loaded (does not match RFC pattern). Django has some ways of dealing with this with some custom projects, but a simpler (though less secure) fix was to disable use of X-FORWARDED-HOST. Proper support for this could be trivial with Django middleware.

adam closed this issue 2025-12-29 16:33:08 +01:00

adam commented 2025-12-29 16:33:08 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Feb 27, 2018):

Thank you for taking the time to report a bug. We'll need more information to investigate this issue. Per the contributing guidelines please ensure that you have included all of the following:

• The environment in which NetBox is running
• The exact steps that can be taken to reproduce the issue
• Any error messages generated
• Screenshots (if applicable)

Please update your issue to include all of the information listed above. If no response is received within a week, this issue will be closed. Thanks!

@jeremystretch commented on GitHub (Feb 27, 2018): Thank you for taking the time to report a bug. We'll need more information to investigate this issue. Per the [contributing guidelines](https://github.com/digitalocean/netbox/blob/develop/CONTRIBUTING.md) please ensure that you have included all of the following: * The environment in which NetBox is running * The exact steps that can be taken to reproduce the issue * Any error messages generated * Screenshots (if applicable) Please update your issue to include all of the information listed above. If no response is received within a week, this issue will be closed. Thanks!

adam commented 2025-12-29 16:33:08 +01:00

Author

Owner

Copy Link

@callumstrubi commented on GitHub (Feb 27, 2018):

No errors or screenshots are available but I have updated with some more detail to reproduce. This is an environmental issue not a code issue.

@callumstrubi commented on GitHub (Feb 27, 2018): No errors or screenshots are available but I have updated with some more detail to reproduce. This is an environmental issue not a code issue.

adam commented 2025-12-29 16:33:08 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Mar 1, 2018):

This sounds like something that should be handled in the frontend. You should be able to modify the X-FORWARDED-HOST header in Apache and just pass what you want to Django, no?

@jeremystretch commented on GitHub (Mar 1, 2018): This sounds like something that should be handled in the frontend. You should be able to modify the `X-FORWARDED-HOST` header in Apache and just pass what you want to Django, no?

adam commented 2025-12-29 16:33:09 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Mar 29, 2018):

Closing due to lack of activity and an apparent alternate solution.

@jeremystretch commented on GitHub (Mar 29, 2018): Closing due to lack of activity and an apparent alternate solution.

adam referenced this issue 2025-12-29 22:20:23 +01:00

[PR #1577] [MERGED] Release v2.2.1 #12230

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

20385-graphql-enforce-MAX_PAGE_SIZE

21611-replace-count-with-exists

21331-deprecate-querystring-tag

20123-expose-replicate_components-adopt_components-on-serializer

feature

21566-user

17654-asn

21330-tags

21440-oob-ip-import

19867-preserve-per_page-param

20698-add-a-read-only-vlan-ids-count-to-the-vlanrange-model

21468-copy_safe_request-headers

21357-register-model-actions

21025-pre-render-config-contexts

21518-cf-decimal-zero

21364-swagger

20442-callable-audit

feature-ip-prefix-link

20911-dropdown-3

fix_module_substitution

21203-q-attr-denorm

21160-filterset

21118-site

20911-dropdown-2

21102-fix-graphiql-explorer

20044-elevation-stuck-lightmode

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.4

v4.5.3

v4.5.2

v4.5.1

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#1576