On 11/14/02 2:39 PM, Randy Kobes wrote: > On Thu, 14 Nov 2002, John Siracusa wrote: >> I tried turning on ProxyVia, but all I got was the HTTP >> protocol version ("1.1") and the host ("www.foo.com"), but no >> scheme string (e.g. "http://" or "https://") > > Were these from requests you know were made using https?
Yep, but I still just get the version number. > My reading of the Via header was that the protocol name is optional > only if it is HTTP, implying that if it's not given, you can > assume it's HTTP. That doesn't appear to be the case with mod_proxy in apache 1.3.27. I ended up having to make a trivial C apache module (using the old mod_proxy_add_forward.c as a basis) to set my own header. Of course, first I had to find out if the request is SSL. I figured I'd look for the env var that mod_ssl sets: https = getenv("HTTPS"); if(https) ap_table_set(r->headers_in, "X-Forwarded-For-SSL", "yes"); But that didn't work. (I also tried many of the SSL_* env vars.) So then I tried looking where mod_ssl actually puts its HTTPS env var, in the subprocess_env structure: table *e = r->subprocess_env; if(ap_table_get(e, "HTTPS")) ap_table_set(r->headers_in, "X-Forwarded-For-SSL", "yes"); But that didn't work either. I forced my trivial module to the end of the module chain just to make sure mod_ssl got a chance to set its var(s) first, but that didn't help. Finally, I found something that did work: method = ap_ctx_get(r->ctx, "ap::http::method"); if(method) ap_table_set(r->headers_in, "X-Forwarded-For-Method", method); Apparently, this is only set by mod_ssl if method is "https". If it is HTTP, this is not set at all. Anyway, I just check for this on the mod_perl side with: if($r->header_in('X-Forwarded-For-Method') eq 'https') { ... } and that does the trick. The full code for the module is at the end of this message. But I still think this is an ugly hack, and I'd like to be able to do this using "standard" apache modules or config parameters... -John --- #include "httpd.h" #include "http_config.h" #include "http_core.h" module MODULE_VAR_EXPORT proxy_add_ssl_module; static int add_ssl_header(request_rec *r) { const char *method; if(r->proxyreq == PROXY_PASS) { method = ap_ctx_get(r->ctx, "ap::http::method"); if(method) ap_table_set(r->headers_in, "X-Forwarded-For-Method", method); return OK; } return DECLINED; } module MODULE_VAR_EXPORT proxy_add_ssl_module = { STANDARD_MODULE_STUFF, NULL, /* initializer */ NULL, /* dir config creater */ NULL, /* dir merger --- default is to override */ NULL, /* server config */ NULL, /* merge server configs */ NULL, /* command table */ NULL, /* handlers */ NULL, /* filename translation */ NULL, /* check_user_id */ NULL, /* check auth */ NULL, /* check access */ NULL, /* type_checker */ add_ssl_header, /* fixups */ NULL, /* logger */ NULL, /* header parser */ NULL, /* child_init */ NULL, /* child_exit */ NULL /* post read-request */ };