https://bz.apache.org/bugzilla/show_bug.cgi?id=59829
Bug ID: 59829
Summary: Detect HTTPS marker from reverse proxy
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_remoteip
Assignee: [email protected]
Reporter: [email protected]
Created attachment 34024
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34024&action=edit
safe and functional implementation
mod_remoteip had no setting to detect if the client is using HTTPS and set the
environment variable accordingly.
Tested on our acting reverse-proxy nginx, configured with this on the http
listener:
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto "http";
And this on the https listener:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
The patch adds a new setting called SecureIndicatorHeader (maybe you can think
of a better name).
It's used as follows:
SecureIndicatorHeader X-Forwarded-Proto https
This tells you if the header "X-Forwarded-Proto" is present and matches the
value "https" AND we've passed the proxy validation, then we set the "HTTPS"
request environment variable to "on".
Apache Tomcat has had something similar in its RemoteIpValve for ages, but
because of its configuration format the setting is split into protocolHeader
and protocolHeaderHttpsValue.
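The rule described in this report, modelled as a stand-alone C function (an added example, not the attached patch and not httpd code): the indicator header is honoured only when the TCP peer is in a trusted-proxy list, so a client that connects directly and sends the header itself cannot turn HTTPS on. The function names, the IPv4 CIDR list standing in for mod_remoteip's proxy validation, and the case-insensitive value match are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* 1 if IPv4 `ip` is inside `cidr` ("10.0.0.0/24"); malformed input fails closed. */
static int in_cidr(const char *ip, const char *cidr)
{
    char net[INET_ADDRSTRLEN], *end;
    struct in_addr a, n;
    const char *slash = strchr(cidr, '/');
    size_t len = slash ? (size_t)(slash - cidr) : strlen(cidr);
    long bits = 32;
    if (len >= sizeof net) return 0;
    memcpy(net, cidr, len);
    net[len] = '\0';
    if (slash) {
        bits = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32) return 0;
    }
    if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, net, &n) != 1)
        return 0;
    uint32_t mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
    return (ntohl(a.s_addr) & mask) == (ntohl(n.s_addr) & mask);
}

/* Hypothetical model of the described rule: return 1 (set HTTPS=on) only if the
 * TCP peer is a trusted proxy AND the header is present AND it equals `expected`.
 * trusted: NULL-terminated CIDR list; hdr_val: received header value or NULL. */
int https_indicated(const char *peer, const char *const *trusted,
                    const char *expected, const char *hdr_val)
{
    int peer_trusted = 0;
    for (size_t i = 0; trusted[i] != NULL; i++)
        if (in_cidr(peer, trusted[i])) { peer_trusted = 1; break; }
    /* A header sent by an untrusted peer is client-controlled: ignore it. */
    if (!peer_trusted || hdr_val == NULL) return 0;
    return strcasecmp(hdr_val, expected) == 0;  /* case-insensitive: assumption */
}

int main(void)
{
    const char *const trusted[] = { "10.0.0.0/24", NULL };  /* constructed sample */
    printf("via proxy: %d\n", https_indicated("10.0.0.5", trusted, "https", "https"));
    printf("spoofed:   %d\n", https_indicated("203.0.113.9", trusted, "https", "https"));
    return 0;
}
```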