httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject how make backend applications aware about tls-offloading
Date Sat, 07 Jan 2017 08:30:37 GMT
* Apache Trafficserver in front
* ATS configured for TLS-offloading
* connection to backend-httpd on the LAN unencrypted
* mod_remoteip correctly configured on backend httpd

is there any way to make the backend php application aware that in fact 
$_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME'] should be 'on' / 
https:// in case of generate absolute URLs like for emails

in a perfect world this would be handeled like the transparent 
translation of the client IP with 
https://httpd.apache.org/docs/current/mod/mod_remoteip.html and it's 
RemoteIPInternalProxy and a header like "X-Forwarded-TLS"

something like below where "X-TLS-Offloading" is only evaluated from 
"RemoteIPInternalProxy" pyhsical addressess

RemoteIPHeader         X-Forwarded-For
RemoteTLSHeader        X-TLS-Offloading
RemoteIPInternalProxy  192.168.196.1


Mime
View raw message