Private headers
A Web server plug-in can use private headers to forward requests for dynamic content, such as servlets, to the appserver.
After you configure a Web server plug-in, in addition to regular plug-in functions, we can use private headers as a mechanism for forwarding proxy information from the plug-in to an appserver. This information is not normally included in HTTP requests.
Private headers are implemented as a set of HTTP request header name and value pairs that the plug-in adds to the HTTP request header before the request is forwarded to an appserver. The appserver's Web container removes this information from the header and then processes this information.
Private headers can include such information as...
- Remote (client) user
- Remote (client) host name
- SSL client certificate
They conform to a naming standard so that there is no namespace collision with the architected HTTP header fields.
For example, authentication information, such as a client certificate, is normally requested by the Web server once during the establishment of an HTTP session. It is not required again for individual requests within that session. However, a client certificate must accompany each request forwarded to the appserver. The appserver can then use the certificate as needed.
Similarly, the Web server examines TCP/IP socket connections for information about the host address of the client. The appserver cannot perform this examination because its socket connection is with the plug-in and not with the actual client. Therefore, one of the private headers is the host address of the actual client.
Related tasks
Communicating with Web servers