I'm running a service behind IIS using ARR as a reverse proxy. I know there are x-forwarded-for and x-arr-log-id headers that are passed along. However, what I would like is a private key passed in so that the backing application explicitly knows that the request is not local (even though the ARR server is). I've seen some posts on adding/replacing server variables, but this doesn't seem to come through via the request headers on the backing application.
I'm guessing that there must be some web.config setting that will do this, but have had no luck finding it thus far.
Example: X-PRIVATE-TOKEN: We are the children of Korn!
So that I can trust the x-forwarded-for address is the actual address, as opposed to simply distrusting all proxy request's ip address references.
try:
<rule name="myRule_01">
...
<serverVariables>
<set name="HTTP_X_PRIVATE_TOKEN" value="We are the children of Korn!" />
</serverVariables>
...
</rule>
The header field of the http request will be: x-private-token