You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2016/08/01 10:25:21 UTC

[jira] [Comment Edited] (FELIX-4923) SslFilterResponse doesn 't take in account ssl-forward.header property

    [ https://issues.apache.org/jira/browse/FELIX-4923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15401800#comment-15401800 ] 

Konrad Windszus edited comment on FELIX-4923 at 8/1/16 10:25 AM:
-----------------------------------------------------------------

[~asanso] Even in your patch you making some assumptions about the header name and value. Is the comparison 
{code}
if (cfg.sslValue.equalsIgnoreCase(httpReq.getHeader(cfg.sslHeader))) 
{code}
not enough here?

In case we really want to distinguish between the 3 cases:
1) HTTPS terminated at proxy in front, Felix accessed through HTTP
2) HTTP terminated at proxy in front, Felix accessed through HTTPS
3) Felix directly accessed through HTTP or HTTPS
we need to extend the OSGi configuration with a value for use case 2) as well.


was (Author: kwin):
[~asanso] Even in your patch you making some assumptions about the header name and value. Is the comparison 
{code}
if (cfg.sslValue.equalsIgnoreCase(httpReq.getHeader(cfg.sslHeader))) not enough here?
{code}

In case we really want to distinguish between the 3 cases:
1) HTTPS terminated at proxy in front, Felix accessed through HTTP
2) HTTP terminated at proxy in front, Felix accessed through HTTPS
3) Felix directly accessed through HTTP or HTTPS
we need to extend the OSGi configuration with a value for use case 2) as well.

> SslFilterResponse doesn 't take in account ssl-forward.header property
> ----------------------------------------------------------------------
>
>                 Key: FELIX-4923
>                 URL: https://issues.apache.org/jira/browse/FELIX-4923
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>            Reporter: Antonio Sanso
>            Priority: Minor
>         Attachments: FELIX-4923-patch.txt, FELIX-4923-patch.txt
>
>
> {{SslFilterResponse}} doesn 't take in account {{ssl-forward}}.header property.
> Indeed the {{SslFilterResponse}} constructor hardcodes {{HDR_X_FORWARDED_PROTO}}.
> {code}
> ...
> request.getHeader(HDR_X_FORWARDED_PROTO);
> ...
> {code}
> the  {{ssl-forward}} osgin configuration should be taken in account IMHO. The default is even different than {{HDR_X_FORWARDED_PROTO}} indeed is rather {{X-Forwarded-SSL}}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)