trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: how make backend applications aware about tls-offloading
Date Sat, 07 Jan 2017 23:31:26 GMT
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
> ok, so we need to continue the code below and set the option in every
> tls-offloaded application - intention of this thread was maybe get this
> transparent which seems not to be possible

It is "technically" possible, but not wise IMHO.
Making every httpd module/CGI/app think the local connection is https
could lead to things like "; Secure" cookies sent on the (clear) wire,
and that option would be accompanied with so much warnings ("unless
you're really on the same switch, but even that...") that it'd be hard
to defend (endlessly?).

>
> if(!empty($cms_tls_offload))
> {
>  $_SERVER['REQUEST_SCHEME'] = 'https';
>  $_SERVER['HTTPS']          = 'on';
> }

Your choice ;)

Mime
View raw message