Forum OpenACS Development: Re: ad_conn peeraddr

Collapse
6: Re: ad_conn peeraddr (response to 4)
Posted by Malte Sussdorff on 08/15/07 12:53 PM
Gustaf (or anyone else), how do you handle the fact that you might want to force SSL connections to Pound, yet security::secure_conn_p returns 0 always (as the reverse proxy is using http to communicate to the AOLserver). Is there a trick so I can tell security::secure_conn_p that the original request is actually secure ?
Collapse
7: Re: ad_conn peeraddr (response to 6)
Posted by Gustaf Neumann on 08/15/07 02:54 PM
Pound adds multiple X-SSL-* request header fields to the request. The backend can query these and could set security::secure_conn_p (see https://www.apsis.ch/pound.html).
This was not an issue for us, since we only allow SSL connections from the outside world.

guess, with nginx one can get the same behaviour by using proxy_set_header.