[
https://issues.apache.org/jira/browse/FELIX-4330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13992573#comment-13992573
]
J.W. Janssen edited comment on FELIX-4330 at 5/8/14 9:56 AM:
-------------------------------------------------------------
I've taken a look at the latest patch of [~fmeschbe] and was wondering why we
want to limit the possible values that are allowed in {{SslFilter}}. We now
would have to update our code for each new header that is proposed in the
future.
I'd propose to just allow the {{SslFilter}} to obtain two configuration values:
one for the forward header name and one for the expected value of the header
and not do the parsing of values at all.
The above mentioned values could be a good start for the documentation on the
website, so your work isn't lost ;)
Another remark: shouldn't we propagate the header as configured? Now we always
use the {{X-Forwarded-SSL}} header for that purpose, which might be not the
most obvious for users using another vendor...
was (Author: jajans):
I've taken a look at the latest patch of [~fmeschbe] and was wondering why we
want to limit the possible values that are allowed in {{SslFilter}}. We now
have to update our code for each new header that is proposed in the future.
I'd propose to allow the {{SslFilter}} to obtain two configuration values: one
for the forward header name and one for the expected value of the header.
The above mentioned values could be a good start for the documentation on the
website, so your work isn't lost ;)
Another remark: shouldn't we propagate the header as configured? Now we always
use the {{X-Forwarded-SSL}} header for that purpose, which might be not the
most obvious for users using another vendor...
> [HTTP SSL Filter] Make SSL header(s) configurable
> -------------------------------------------------
>
> Key: FELIX-4330
> URL: https://issues.apache.org/jira/browse/FELIX-4330
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http-2.2.1
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: http-2.3.0, http-sslfilter-1.0.0
>
> Attachments: FELIX-4330-fme.patch, FELIX-4330-fme2.patch,
> FELIX-4330.patch
>
>
> The request header indicating a proxy terminating an HTTPS connection is
> currently hard coded to be "X-Forwarded-SSL" with the only value supported to
> be "on" -- based on the assumption of this being the most commonly used
> header value.
> It looks that Amazon's Elastice Load Balancer uses a different header and
> value: X-Forwarded-Proto whose value is the actual protocol by which the
> client talks to the load balancer. The filter should kick in if the protocol
> is https (or maybe if it is just not the same as the one which the servlet
> container reports).
> [1]
> http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto
--
This message was sent by Atlassian JIRA
(v6.2#6252)
