You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Ian Boston (JIRA)" <ji...@apache.org> on 2014/01/20 18:58:21 UTC
[jira] [Commented] (FELIX-4330) [HTTP SSL Filter] Make SSL
header(s) configurable
[ https://issues.apache.org/jira/browse/FELIX-4330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13876628#comment-13876628 ]
Ian Boston commented on FELIX-4330:
-----------------------------------
Please note, I have not tested the patch against a live ELB instance, but it it is acceptable I can cut an internal release and get it tested.
> [HTTP SSL Filter] Make SSL header(s) configurable
> -------------------------------------------------
>
> Key: FELIX-4330
> URL: https://issues.apache.org/jira/browse/FELIX-4330
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http-2.2.1
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Attachments: FELIX-4330.patch
>
>
> The request header indicating a proxy terminating an HTTPS connection is currently hard coded to be "X-Forwarded-SSL" with the only value supported to be "on" -- based on the assumption of this being the most commonly used header value.
> It looks that Amazon's Elastice Load Balancer uses a different header and value: X-Forwarded-Proto whose value is the actual protocol by which the client talks to the load balancer. The filter should kick in if the protocol is https (or maybe if it is just not the same as the one which the servlet container reports).
> [1] http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)