Felix Meschberger created FELIX-4330:
----------------------------------------
Summary: [HTTP SSL Filter] Make SSL header(s) configurable
Key: FELIX-4330
URL: https://issues.apache.org/jira/browse/FELIX-4330
Project: Felix
Issue Type: Bug
Components: HTTP Service
Affects Versions: http-2.2.1
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: http-2.2.2
The request header indicating a proxy terminating an HTTPS connection is
currently hard coded to be "X-Forwarded-SSL" with the only value supported to
be "on" -- based on the assumption of this being the most commonly used header
value.
It looks that Amazon's Elastice Load Balancer uses a different header and
value: X-Forwarded-Proto whose value is the actual protocol by which the client
talks to the load balancer. The filter should kick in if the protocol is https
(or maybe if it is just not the same as the one which the servlet container
reports).
[1]
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto
--
This message was sent by Atlassian JIRA
(v6.1#6144)
