Hi *,

I'm having a small problem with the way we proxy connections to our webapps. If I understand correctly, the proxy handles SSL connections and forwards them as plain-text connections (which is normal). The problem is, I can't find a header I could use to detect that the connection was made using HTTPS, and as a result I can't find a way to properly redirect plain-text connections to SSL on the login form (and when the user is auth'ed).

This is a common problem and Django has a way to detect that the connection was securely forwarded if some header is set:
https://docs.djangoproject.com/en/1.5/ref/settings/#secure-proxy-ssl-header

A common way is to set HTTP_X_FORWARDED_PROTO to 'https'.

Which proxy are we using? With NginX the config line to add is:

    proxy_set_header X-Forwarded-Protocol $scheme;

With Apache it would be:

    RequestHeader set X-Forwarded-Protocol "https"

in the virtualhost listening on port 443, and:

    RequestHeader set X-Forwarded-Protocol "http"

in the virtualhost listening on port 80.

What do you think of all that? How do we handle HTTPS detection at the moment? If it looks OK to you, should we wait for the freeze to be over before making this change?

Thanks,
Aurélien
--
http://aurelien.bompard.org ~~~~~~ xmpp:aurelien@xxxxxxxxxxx
Focus on what you have rather than on what you don't have.
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
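The detection and redirect described in the message above, as an added example that is not part of the original mail or of the project's code: a standard-library WSGI middleware that believes the forwarded-protocol header only when the TCP peer is the proxy, since a client connecting directly could send the header itself. The proxy network, canonical host name and protected path are constructed assumptions; the header name is the one from the mail's config lines.

```python
from ipaddress import ip_address, ip_network

# Assumed values for illustration, not taken from the original mail.
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]  # network the proxies connect from
CANONICAL_HOST = "apps.example.org"           # avoids echoing a client-sent Host
SECURE_PATHS = ("/login",)                    # hypothetical protected prefix
# WSGI spelling of the "X-Forwarded-Protocol" header set by the proxy config.
PROTO_KEY = "HTTP_X_FORWARDED_PROTOCOL"


def is_secure(environ):
    """True if the request reached us, or our proxy, over HTTPS."""
    if environ.get("wsgi.url_scheme") == "https":
        return True
    try:
        peer = ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    # Ignore the header unless the connection comes from our own proxy.
    if not any(peer in net for net in TRUSTED_PROXIES):
        return False
    return environ.get(PROTO_KEY, "").strip().lower() == "https"


class RequireHTTPS:
    """Redirect plain-text requests under SECURE_PATHS to https://."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path.startswith(SECURE_PATHS) and not is_secure(environ):
            location = "https://" + CANONICAL_HOST + path
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", location)])
            return [b""]
        return self.app(environ, start_response)
```

In Django the equivalent switch is the SECURE_PROXY_SSL_HEADER setting linked in the mail, which carries the same precondition: the proxy must overwrite any client-supplied copy of the header.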