Detecting proxy from an HTTPS page
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
Detecting proxy from an HTTPS page
by B. Perkins
::
Rate this Message:
I've got Apache in front of Active4D. I've recently installed
self-signed SSL Certs on my development server and signed SSL Certs on my production server. Active4D is using ITK in production, but NTK in development (I'm finally getting around to working the bugs in our ITK->NTK shell rewrite out). Active4D is serving on port 8080 and is not serving SSL. I have some cases where I programatically create a form action URL such as $formAction := "http://" + something else. This is causing some problems. What I need to do is something like: $formAction := getRequestProtocol + "://" + something else where "getRequestProtocol" would return either "http" or "https". A4D's "get request infos" has the "*secure" value, but it appears that returns whether Active4D is serving secure or not or only works if you are using 4D?. What I want to do is determine if Apache proxy came from an HTTPS page or not. I suppose I could figure this out in the rewrite rule and pass it as an extra query parameter, but that is so "WebSTAR" :) Am I missing some command in Active4D that might give me this info? Thanks, Brad _______________________________________________ Active4D-dev mailing list Active4D-dev@... http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/ |
|
|
Re: Detecting proxy from an HTTPS page
by aparajita
::
Rate this Message:
> A4D's "get request infos" has the "*secure" value, but it appears
> that returns whether Active4D is serving secure or not or only works > if you are using 4D?. > > What I want to do is determine if Apache proxy came from an HTTPS > page or not. > > I suppose I could figure this out in the rewrite rule and pass it as > an extra query parameter, but that is so "WebSTAR" :) > > Am I missing some command in Active4D that might give me this info? There is nothing in the http spec which provides for determination of SSL, since SSL is a lower-level protocol. Active4D can only determine a secure request from what the "Secured web connection" command returns. In your setup, all connections to 4D are unsecure since they are proxied to 8080. So I would suggest adding an extra request header (instead of a query parameter) to secure proxies in your apache rewrite rules. That's the only reliable way to determine if the original request was secure or not. Regards, Aparajita www.aparajitaworld.com "If you dare to fail, you are bound to succeed." - Sri Chinmoy | www.srichinmoy.org _______________________________________________ Active4D-dev mailing list Active4D-dev@... http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/ |
|
|
Re: Detecting proxy from an HTTPS page
by B. Perkins
::
Rate this Message:
> There is nothing in the http spec which provides for determination of > SSL, since SSL is a lower-level protocol. Active4D can only determine > a secure request from what the "Secured web connection" command > returns. In your setup, all connections to 4D are unsecure since they > are proxied to 8080. > > So I would suggest adding an extra request header (instead of a query > parameter) to secure proxies in your apache rewrite rules. That's the > only reliable way to determine if the original request was secure or > not. Excellent suggestion, I'll look into that. -- Brad _______________________________________________ Active4D-dev mailing list Active4D-dev@... http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/ |
|
|
Re: Detecting proxy from an HTTPS page
by B. Perkins
::
Rate this Message:
Aparajita,
Any hints about how to to this. I researched this over the weekend and found some information about an Apache RequestHeader directive, but (a) Nothing with respect to use within a rewrite rule (b) RequestHeader appears to be an Apache2 only feature (we're using 1.3.41) Thanks, Brad Bradley D. Perkins wrote: >> There is nothing in the http spec which provides for determination of >> SSL, since SSL is a lower-level protocol. Active4D can only determine >> a secure request from what the "Secured web connection" command >> returns. In your setup, all connections to 4D are unsecure since they >> are proxied to 8080. >> >> So I would suggest adding an extra request header (instead of a query >> parameter) to secure proxies in your apache rewrite rules. That's the >> only reliable way to determine if the original request was secure or >> not. >> > > Excellent suggestion, I'll look into that. _______________________________________________ Active4D-dev mailing list Active4D-dev@... http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/ |
|
|
Re: Detecting proxy from an HTTPS page
by aparajita
::
Rate this Message:
Brad,
> Any hints about how to to this. I researched this over the weekend > and found some information about an Apache RequestHeader directive, > but > (a) Nothing with respect to use within a rewrite rule > (b) RequestHeader appears to be an Apache2 only feature (we're using > 1.3.41) Try asking on an apache forum, I didn't actually know for sure adding a request header was possible with mod_rewrite. You may have to add a query param. Regards, Aparajita www.aparajitaworld.com "If you dare to fail, you are bound to succeed." - Sri Chinmoy | www.srichinmoy.org _______________________________________________ Active4D-dev mailing list Active4D-dev@... http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/ |
| Free Forum Powered by Nabble | Forum Help |