Bug #32999
Cannot properly handle reverse-proxy as SSL end-point
| Status: | Rejected | Start date: | 2012-01-05 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| TYPO3 Version: | 4.6 | Complexity: | easy | |
| PHP Version: | ||||
| Votes: | 0 |
Description
When you're website is served on port 80 (http) but is accessed through a reverse-proxy that allows both http (80) and https (443), thus acts as an SSL end-point, there is no way to check if SSL is on.
A reverse-proxy already sets an additional header X-Forwarded-For for the real remote IP. In addition, SSL end-point reverse-proxy typically set one of those header for the actual protocol:
- X-Forwarded-Proto (either "http" or "https"), typically used by Nginx
- X-Forwarded-Ssl (either "on" or "off"), typically used by Apache
- Front-End-Https (either "on" or "off"), typically used by ISA server (http://support.microsoft.com/kb/307347)
This additional header, when present, should be taken into account by t3lib_div::getIndpEnv() with parameter 'TYPO3_SSL' to properly allow testing it in TS conditions for instance.
Related issues
| related to Core - Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL check | Rejected | 2011-09-12 | ||
| duplicated by Core - Feature #35723: Improvement for SSL detection behind proxy server | Needs Feedback | 2012-04-05 |
History
Updated by Xavier Perseguers over 1 year ago
- Status changed from New to Rejected
Duplicate of the other issue. Still don't like the hack of using a "local" header but well...