Intercept and Rewrite Headers in HTTP Redirect Responses
Many of our customers use ngrok for site-to-site connectivity.
This is usually pretty straightforward, but occasionally a service requires a specific Host
header or uses internal DNS names or redirect flows that break in an outbound tunneled environment (e.g., 302
redirects to internal.corp.local
).
With ngrok, you can use the url-rewrite
action in a to intercept 302
redirect headers coming from customer apps to preserve UX and agent behavior.
1. Create an endpoint for the customer's upstream service
Start an internal Agent Endpoint, replacing $PORT
based on where the upstream service listens and using a URL namespacing scheme that logically separates individual services and customers.
You can also use one of our SDKs or the Kubernetes Operator.
Depending on how you work with your customer, you may be creating this endpoint or instructing them how to do it themselves.
Loading…
2. Reserve a domain
Navigate to the Domains section of the ngrok dashboard and click New + to reserve a free static domain like https://service-01.customer-abc.ngrok.app
or a custom domain you already own.
We'll refer to this domain as $NGROK_DOMAIN
from here on out.
3. Create a Cloud Endpoint
Navigate to the Endpoints section of the ngrok dashboard, then click New + and Cloud Endpoint.
In the URL field, enter the domain you just reserved to finish creating your Cloud Endpoint.
4. Use Traffic Policy to route traffic and edit headers
While still viewing your new cloud endpoint in the dashboard, copy and paste the policy below into the Traffic Policy editor, then replace $NGROK_DOMAIN
.
Loading…
What's happening here? First, this policy rewrites the Host
header on all requests to 127.0.0.1
so that your customer's upstream service recognizes the request as coming from the same local network, not through ngrok, then forwards the request to the internal Agent Endpoint you created in the first step.
During the HTTP response, the policy then checks whether the status code is 302
, which indicates content has moved.
If the status code is 302
, then the policy saves the existing path to a variable, removes the Location
header, and writes a new Location
header by building a new URL based on $NGROK_URL
and the original path.
What's next?
- Follow along with our comprehensive site-to-site guide for ways to make your setup more production-ready, like creating bot users to isolate agents and white-labeling ngrok with a custom connect URL.
- Read more about Traffic Policy, core concepts, and actions you might want to implement next.
- View your site-to-site traffic in Traffic Inspector.