bump On Thu, Mar 16, 2017 at 5:33 PM, Andrei <lag...@gmail.com> wrote:
> Hello everyone, > > I have a setup with Varnish/Hitch in front of Apache, where Hitch proxies > the SSL traffic to Varnish via HTTP, and Apache receives the request via > HTTP while the client request was done via https. This local downgrade is > due to Varnish not supporting SSL. Since there are quite a few platforms > out there that rely on HTTPS/SERVER_PORT checks to force https redirects > for example, I've been toying with mod_rpaf which can spoof the environment > variables based on X headers from a defined list of IPs, but it's not > consistent and requires disabling keepalive due to a long standing bug - > https://github.com/gnif/mod_rpaf/issues/42. That being said, I'm trying > to ditch mod_rpaf and spoof the variables using SetEnvIf based on a custom > X-Header instead, which will be set by Varnish. The only problem I'm > running in to is overriding SERVER_PORT. For example, if I have: > > SetEnvIf X-HTTPS "on" HTTPS=on > SetEnvIf X-HTTPS "on" REQUEST_SCHEME=https > SetEnvIf X-HTTPS "on" SERVER_PORT=443 > > The above results in: > > root@avi [~]# curl -sH"X-HTTPS: on" http://domain.com/headers.php|egrep > -i 'https|r_port' > $_SERVER[HTTPS]; => on > $_SERVER[HTTP_X_HTTPS]; => on > $_SERVER[REQUEST_SCHEME]; => https > $_SERVER[SERVER_PORT]; => 80 > root@avi [~]# > > > While I would expect them to be: > > $_SERVER[HTTPS]; => on > $_SERVER[HTTP_X_HTTPS]; => on > $_SERVER[REQUEST_SCHEME]; => https > $_SERVER[SERVER_PORT]; => 443 > > If anyone knows of a different method, or module to use, I'm more than > open to ideas. Thanks in advance! > > >
