Bug #32999

Cannot properly handle reverse-proxy as SSL end-point

Added by Xavier Perseguers over 10 years ago. Updated over 10 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2012-01-05
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.6
PHP Version:
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:

Description

When you're website is served on port 80 (http) but is accessed through a reverse-proxy that allows both http (80) and https (443), thus acts as an SSL end-point, there is no way to check if SSL is on.

A reverse-proxy already sets an additional header X-Forwarded-For for the real remote IP. In addition, SSL end-point reverse-proxy typically set one of those header for the actual protocol:

  1. X-Forwarded-Proto (either "http" or "https"), typically used by Nginx
  2. X-Forwarded-Ssl (either "on" or "off"), typically used by Apache
  3. Front-End-Https (either "on" or "off"), typically used by ISA server (http://support.microsoft.com/kb/307347)

This additional header, when present, should be taken into account by t3lib_div::getIndpEnv() with parameter 'TYPO3_SSL' to properly allow testing it in TS conditions for instance.


Related issues

Related to TYPO3 Core - Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL checkRejectedMichael Stucki2011-09-12

Actions
Has duplicate TYPO3 Core - Feature #35723: Improvement for SSL detection behind proxy serverClosed2012-04-05

Actions
#1

Updated by Xavier Perseguers over 10 years ago

  • Status changed from New to Rejected

Duplicate of the other issue. Still don't like the hack of using a "local" header but well...

Also available in: Atom PDF