Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-4330

[HTTP SSL Filter] Make SSL header(s) configurable

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      The request header indicating a proxy terminating an HTTPS connection is currently hard coded to be "X-Forwarded-SSL" with the only value supported to be "on" – based on the assumption of this being the most commonly used header value.

      It looks that Amazon's Elastice Load Balancer uses a different header and value: X-Forwarded-Proto whose value is the actual protocol by which the client talks to the load balancer. The filter should kick in if the protocol is https (or maybe if it is just not the same as the one which the servlet container reports).

      [1] http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto

      Attachments

        1. FELIX-4330.patch
          2 kB
          Ian Boston
        2. FELIX-4330-fme.patch
          11 kB
          Felix Meschberger
        3. FELIX-4330-fme2.patch
          11 kB
          Felix Meschberger

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. FELIX-5750 Clarify relation of "Enable Proxy/Load Balancer Connection" Jetty feature and SSL Filter

        • Major - Major loss of function.
        • Open

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            fmeschbe Felix Meschberger
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment