felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-4330) [HTTP SSL Filter] Make SSL header(s) configurable
Date Fri, 16 May 2014 11:19:21 GMT

    [ https://issues.apache.org/jira/browse/FELIX-4330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999655#comment-13999655

Carsten Ziegeler commented on FELIX-4330:

[~jajans] I basically agree with you. So you suggest to replace the current option property
from Felix patch with two string props, right? Could you update the patch? Maybe we could
add the known configuration setups to the description, so people see right away in the web
console how they can configure it?

> [HTTP SSL Filter] Make SSL header(s) configurable
> -------------------------------------------------
>                 Key: FELIX-4330
>                 URL: https://issues.apache.org/jira/browse/FELIX-4330
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http-2.2.1
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: http-2.3.0, http-sslfilter-1.0.0
>         Attachments: FELIX-4330-fme.patch, FELIX-4330-fme2.patch, FELIX-4330.patch
> The request header indicating a proxy terminating an HTTPS connection is currently hard
coded to be "X-Forwarded-SSL" with the only value supported to be "on" -- based on the assumption
of this being the most commonly used header value.
> It looks that Amazon's Elastice Load Balancer uses a different header and value: X-Forwarded-Proto
whose value is the actual protocol by which the client talks to the load balancer. The filter
should kick in if the protocol is https (or maybe if it is just not the same as the one which
the servlet container reports).
> [1] http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto

This message was sent by Atlassian JIRA

View raw message