The presence of the x-forwarded-port is a pretty good clue that a proxy or load 
balancer is in front of the app:
https://en.wikipedia.org/wiki/X-Forwarded-For

Yes, you should check the x-forwarded-port header first, and if it is 443, 
ignore the rest.

Better still is to check the x-forwarded-proto for http or https in case they 
are using a non-standard SSL port:
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html

Chuck
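
Chuck's order of checks as an added example (not code from the thread or from WebObjects): x-forwarded-proto first, then x-forwarded-port, then the original server_port test. The headers are passed in as a plain map rather than read through any WebObjects API, and the class name, method name, TRUSTED_PROXIES addresses and sample requests are assumptions; the forwarded headers are honoured only when the connection comes from the known proxy, because a client that reaches the app directly can set them itself.

```java
import java.util.Map;
import java.util.Set;

// Added example, not WebObjects API. Header names are the ones from the thread.
public class ForwardedSchemeCheck {
    // Assumption: addresses of the SSL-terminating proxy or load balancer (constructed values).
    static final Set<String> TRUSTED_PROXIES = Set.of("127.0.0.1", "10.0.0.5");

    // headers: lower-cased header name -> value; peerAddr: address the connection came from.
    static boolean wasSecure(Map<String, String> headers, String peerAddr) {
        if (TRUSTED_PROXIES.contains(peerAddr)) {
            // 1. x-forwarded-proto names the scheme, so it also covers non-standard SSL ports.
            String proto = headers.get("x-forwarded-proto");
            if (proto != null) {
                return "https".equalsIgnoreCase(proto.trim());
            }
            // 2. x-forwarded-port: 443 means the client reached the proxy on the HTTPS port.
            String forwardedPort = headers.get("x-forwarded-port");
            if (forwardedPort != null) {
                return "443".equals(forwardedPort.trim());
            }
        }
        // 3. No forwarding information from a trusted peer: the original port check.
        return "443".equals(headers.get("server_port"))
            || "443".equals(headers.get("x-webobjects-server-port"));
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        Map<String, String> viaProxy = Map.of("server_port", "80", "x-forwarded-port", "443");
        Map<String, String> altPort = Map.of("server_port", "80",
                "x-forwarded-port", "8443", "x-forwarded-proto", "https");
        Map<String, String> direct = Map.of("server_port", "443");
        Map<String, String> untrusted = Map.of("server_port", "80", "x-forwarded-proto", "https");

        System.out.println("proxy, forwarded port 443:    " + wasSecure(viaProxy, "10.0.0.5"));
        System.out.println("proxy, https on port 8443:    " + wasSecure(altPort, "10.0.0.5"));
        System.out.println("direct, server_port 443:      " + wasSecure(direct, "192.0.2.10"));
        System.out.println("untrusted peer sets the proto: " + wasSecure(untrusted, "192.0.2.10"));
    }
}
```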



From: "o...@ocs.cz" <o...@ocs.cz>
Date: Friday, April 7, 2017 at 10:04 AM
To: Chuck Hill <ch...@gevityinc.com>
Cc: WebObjectsDev Development <webobjects-dev@lists.apple.com>
Subject: Re: SSL and port fun

Chuck,

(as always to the rescue, you the man! Thanks!)

On 7. 4. 2017, at 6:41 PM, Chuck Hill <ch...@gevityinc.com> wrote:
Is there an SSL terminating proxy or load balancer in front of the new 
installation?

Absolutely no idea :( Aside from asking the site admin, might I check somehow?


x-forwarded-port is more standard and dependable in that case.  The other 
headers are from mod_webobjects.

Just making sure I am not misunderstanding you, this means I should check the 
x-forwarded-port header first, and if it is 443, can I safely ignore 
server_port (not speaking of x-webobjects-server-port) and assume the access to 
application was SSL-protected, right?

Thanks again a big lot,
OC


On 2017-04-07, 9:31 AM, "Webobjects-dev on behalf of OC" 
<webobjects-dev-bounces+chill=gevityinc....@lists.apple.com on behalf of 
o...@ocs.cz> wrote:

   Hi there,

   my ages-old code to support SSL

   - gets the request
   - checks its server_port and x-webobjects-server-port headers
   - if at least one of them is 443, we were accessed under SSL and all is well 
and swell. Otherwise, it generates 302 and HTTPS URL to re-direct to the same 
page under SSL.

   So far it worked like a charm for long long years. Now I am told that on a 
new installation on a new product server (I believe it is a Mac OS X 10.11) the 
redirections keep coming. Having added extra logs, I have found that

   (a) the server_port is always 80, even when the application is accessed 
through HTTPS
   (b) nevertheless, the request contains a header x-forwarded-port with the 
proper value of 443

   Does someone here understand this stuff?

   Should I check the x-forwarded-port header first, and if it is 443, can I 
safely ignore server_port and assume the access to application was 
SSL-protected?

   Or should I tell them they need to fix their Apache settings, or whatever?

   Thanks a lot,
   OC

    _______________________________________________
   Do not post admin requests to the list. They will be ignored.
   Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com)
   Help/Unsubscribe/Update your Subscription:
   https://lists.apple.com/mailman/options/webobjects-dev/chill%40gevityinc.com

   This email sent to ch...@gevityinc.com

