Actions
Bug #32999
closedCannot properly handle reverse-proxy as SSL end-point
Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2012-01-05
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.6
PHP Version:
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:
Description
When you're website is served on port 80 (http) but is accessed through a reverse-proxy that allows both http (80) and https (443), thus acts as an SSL end-point, there is no way to check if SSL is on.
A reverse-proxy already sets an additional header X-Forwarded-For for the real remote IP. In addition, SSL end-point reverse-proxy typically set one of those header for the actual protocol:
- X-Forwarded-Proto (either "http" or "https"), typically used by Nginx
- X-Forwarded-Ssl (either "on" or "off"), typically used by Apache
- Front-End-Https (either "on" or "off"), typically used by ISA server (http://support.microsoft.com/kb/307347)
This additional header, when present, should be taken into account by t3lib_div::getIndpEnv() with parameter 'TYPO3_SSL' to properly allow testing it in TS conditions for instance.
Actions