Proxy header for SSL
Aurélien Bompard
gauret at free.fr
Wed Oct 2 10:49:18 UTC 2013
Hi *,
I'm having a small problem with the way we proxy connections to our
webapps. If I understand correctly, the proxy handles SSL connections
and forwards them as plain-text connections (which is normal).
The problem is, I can't find a header I could use to detect that the
connection was made using HTTPS, and as a result I can't find a way to
properly redirect plain-text connections to SSL on the login form (and
when the user is auth'ed).
This is a common problem and Django has a way to detect that the
connection was securely forwarded if some header is set :
https://docs.djangoproject.com/en/1.5/ref/settings/#secure-proxy-ssl-header
A common way is to set HTTP_X_FORWARDED_PROTO to 'https'
Which proxy are we using? With NginX the config line to add is:
proxy_set_header X-Forwarded-Protocol $scheme;
With Apache it would be:
RequestHeader set X-Forwarded-Protocol "https"
in the virtualhost listening on port 443, and:
RequestHeader set X-Forwarded-Protocol "http"
in the virtualhost listening on port 80.
What do you think of all that? How do we handle HTTPS detection at the
moment?
If it looks OK to you, should we wait for the freeze to be over before
making this change?
Thanks,
Aurélien
--
http://aurelien.bompard.org ~~~~~~ xmpp:aurelien at bompard.org
Concentre-toi sur ce que tu as plutôt que sur ce que tu n'as pas.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20131002/5912bfc1/attachment.sig>
More information about the infrastructure
mailing list