Mailing List Archive: Cherokee: dev

Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module

Index | Next | Previous | View Threaded

codesite-noreply at google

Sep 18, 2009, 2:59 PM

Post #1 of 7 (711 views)
Permalink

Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module

Status: New
Owner: ----

New issue 581 by stefantalpalaru: [patch] mark SSL connections in the
reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

Problem: information providers behind the reverse proxy don't know if the
connection made by the client to cherokee is secure or not.

Solution: a "X-Forwarded-SSL" HTTP header set in handler_proxy.c that has
the value 'on' or 'off'. This header is used by Webfaction so there is code
supporting it already in the wild (I found some for Django). Patch attached.

Attachments:
cherokee-x-forwarded-ssl.patch 583 bytes

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Sep 26, 2009, 8:19 PM

Post #2 of 7 (643 views)
Permalink

Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module [In reply to]

Updates:
Status: WaitingQA
Owner: alobbs
Labels: Type-Enhancement Priority-Low Component-Logic Usability OpSys-All

Comment #1 on issue 581 by ste...@konink.de: [patch] mark SSL connections
in the reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

(No comment was entered for this change.)

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Sep 29, 2009, 12:24 AM

Post #3 of 7 (627 views)
Permalink

Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module [In reply to]

Updates:
Status: Started
Owner: tahers

Comment #2 on issue 581 by alobbs: [patch] mark SSL connections in the
reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

The patch looks good. Good stuff!!

Taher, could you please explain Stefan how the contributor agreement works?
Thanks!

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Sep 29, 2009, 6:44 AM

Post #4 of 7 (629 views)
Permalink

Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module [In reply to]

Comment #3 on issue 581 by tahers: [patch] mark SSL connections in the
reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

Done. I would have done it earlier but was convinced that the patch was by
our other
Stefan (who already knows about this stuff). My bad, sorry ;-)

Nice patch, btw.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Sep 29, 2009, 9:31 AM

Post #5 of 7 (629 views)
Permalink

Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module [In reply to]

Updates:
Status: Fixed

Comment #4 on issue 581 by tahers: [patch] mark SSL connections in the
reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

Shipped in r3680.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Jun 24, 2011, 7:16 PM

Post #6 of 7 (244 views)
Permalink

Re: Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module [In reply to]

Comment #5 on issue 581 by scott...@gmail.com: [patch] mark SSL connections
in the reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

Hi, I'm using Cherokee 1.2.98 and this doesn't seem to be working for me.
I have a WSGI app running behind a reverse proxy (this is the only option
for this app) and it's telling me that HTTP_X_FORWARDED_SSL is set
to "off". Any help would be appreciated.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

cherokee at googlecode

Jun 24, 2011, 7:48 PM

Post #7 of 7 (250 views)
Permalink

Re: Issue 581 in cherokee: [patch] mark SSL connections in the reverse proxy module [In reply to]

Comment #6 on issue 581 by scott...@gmail.com: [patch] mark SSL connections
in the reverse proxy module
http://code.google.com/p/cherokee/issues/detail?id=581

After playing around with the rules for my app, it seems that the header is
set to "on" if "Is SSL/TLS" is part of the same rule that the reverse proxy
is on. If "Is SSL/TLS" is set on a non-final rule that is above the
proxy's rule, but it's not set on the proxy's rule, then X-Forwarded-SSL is
set to "off" even when the request is over TLS/SSL.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads