On Wed, Nov 11, 2015 at 03:25:11PM +0500, shahzaib shahzaib wrote: Hi there,
> Actually we've video sharing website from where people embed http/https > links to there websites. Now the problem is, some of the HTTPS websites > have embedded HTTP URL links from our website instead of HTTPS due to which > the code is unable to execute on their HTTPS website because it is making > call from https -> http which is wrong. Before you put too much time into building the solution, can you do a quick test to confirm that it can work? As in: * on a https site, include a link to http on your server to one particular url that you control. * in your config, redirect that one url to something https on your site * for that https request, return the response that you want When you do that -- does it work? As in: do you know that the client (browser) that you care about, will access your http url and accept the https redirection and then make use of the code that you return over that https link? Because if that does not work, then it does not matter what else you do. > So we're thinking to have some condition in place that if the request for > HTTP embedded link comes from any HTTPS domain , nginx will detect that > source $scheme and redirect that request to HTTPS. You cannot reliably detect where the link came from. If you are willing to accept unreliably detecting where the link came from, knowing that some innocent cases and some malicious cases will be handled wrongly, then you can just examine $http_referer. If it starts with "https://";, then probably the link was on a https site. If it starts with "http://";, then probably the link was on a http site. If it is blank, then probably the link was on a https site and it is accessing your http site. Each "probably" is because the Referer header is set to whatever the browser wants. Some browsers lie. Some browsers omit it always. Some browsers set it to a non-default value because that's what the user configured it to do. Other possibilities exist. f -- Francis Daly [email protected] _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
