Host Header

Before we get to an overview of the scenarios and their effects on the configuration table, here is a description of how the browser sets the host header.

When a page is requested from the server, the full URL is entered in the browser, including the protocol (HTTP), the host name, port, and path. The request that is actually sent over HTTP, however, looks slightly different.

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: de,en-us;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

The request line contains the HTTP method and the necessary path (in the example here this is GET /). A host header is also set, containing the full name of the server that the browser sees as its communication partner. If the URL points to a non-standard port (by default, HTTP uses port 80 and HTTPS uses port 443), the port is included in the host header. The host header therefore reflects the name that the browser uses to reach the server. The browser assumes this name is valid. It does not have to be the actual name of the server.

When an application gateway, load balancer, or reverse proxy is used, it must retain the host header and must not change it. Note that with Apache reverse proxies in particular, this feature is available only as of version 2 (configuration option ProxyPreserveHost).
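
The rules above, as an added example that is not part of the original documentation: it derives the host header a browser sends for a URL (port only when non-standard) and shows what a backend sees behind a reverse proxy that preserves or rewrites it. The function names, host names, and ports are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def host_header(url):
    """Host header a browser sends for url: the port appears only if non-default."""
    parts = urlsplit(url)
    host = parts.hostname
    if ":" in host:                      # IPv6 literal: put the brackets back
        host = f"[{host}]"
    if parts.port is None or parts.port == DEFAULT_PORTS.get(parts.scheme):
        return host
    return f"{host}:{parts.port}"

def build_request(url):
    """Request line plus Host header, as sent by the browser for url."""
    parts = urlsplit(url)
    path = parts.path or "/"
    return {"line": f"GET {path} HTTP/1.1", "headers": {"Host": host_header(url)}}

def proxy_forward(request, backend, preserve_host):
    """One reverse-proxy hop. Without preservation the proxy substitutes the
    backend's own address, which is what the page says must not happen."""
    headers = dict(request["headers"])
    if not preserve_host:
        headers["Host"] = backend
    return {"line": request["line"], "headers": headers}

def backend_self_url(request, scheme):
    """Absolute URL the backend would generate for itself (redirects, links)."""
    path = request["line"].split(" ")[1]
    return f"{scheme}://{request['headers']['Host']}{path}"

# Constructed sample values, not taken from the page.
BROWSER_URL = "https://portal.example.com:8443/start"
BACKEND = "app01.internal.example:50000"

if __name__ == "__main__":
    req = build_request(BROWSER_URL)
    for preserve in (True, False):
        seen = proxy_forward(req, BACKEND, preserve)
        print(preserve, seen["headers"]["Host"], backend_self_url(seen, "https"))
```

With preservation off, the backend builds its URLs from the internal name, which the browser cannot reach and which discloses the internal host name to the client.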