tabacco's Activity

  1. tabacco added a record in IP.Board   

    IP.Board can't detect https if behind an SSL-terminating load balancer
    From looking at admin/sources/classes/output/publicOutput.php:826, IP.Board only properly supports HTTPS if PHP reports $_SERVER['SERVER_PORT']==443.
    In the case of an SSL-terminating load balancer, though, this won't be the case, since the load balancer will handle the SSL and forward plain HTTP to the backend.
    The usual standard in these setups is to set the following header on the request to the backend: X-Forwarded-Proto: https
    It seems like it'd be pretty easy to hack that in on that line (and I did in my own copy):
    [code=:826]
    if ( $_SERVER['SERVER_PORT'] == SSL_PORT || ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) )
    {
        $this->isHTTPS = true;
        return;
    }
    [/code]
    If the forum wasn't behind a load balancer, it'd be possible for a client to set the header erroneously, but I'm not sure it really matters if they do.
    • 0 replies
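
An added example, not part of the post above and not IP.Board code: one way to honour X-Forwarded-Proto only when the request's immediate peer is a known load balancer, so the same header sent directly by a client is ignored. The names `ipInCidr`, `requestIsHttps` and `TRUSTED_PROXIES`, and the addresses used, are assumptions made for illustration.

```php
<?php
// Hypothetical helper, not IP.Board code. Assumption: these are the load balancers' ranges.
const TRUSTED_PROXIES = ['10.0.0.0/8', 'fd00::/8'];

// True if $ip lies inside $cidr (IPv4 or IPv6); malformed input never matches.
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid address or mixed address families
    }
    $bits = $bits === null ? strlen($ipBin) * 8 : (int) $bits;
    if ($bits < 0 || $bits > strlen($ipBin) * 8) {
        return false; // prefix length out of range
    }
    $fullBytes = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $fullBytes) !== 0) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // remaining high bits of the next byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

// Decide HTTPS from a $_SERVER-style array; the header counts only from a trusted peer.
function requestIsHttps(array $server, array $trustedProxies = TRUSTED_PROXIES): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true; // TLS terminated on this server
    }
    if ((int) ($server['SERVER_PORT'] ?? 0) === 443) {
        return true; // the check the forum already performs
    }
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($peer, $cidr)) {
            return strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https';
        }
    }
    return false; // header from an untrusted peer is ignored
}

// Constructed sample requests: via the load balancer, then direct from a client.
var_dump(requestIsHttps(['SERVER_PORT' => '80', 'REMOTE_ADDR' => '10.1.2.3', 'HTTP_X_FORWARDED_PROTO' => 'https']));
var_dump(requestIsHttps(['SERVER_PORT' => '80', 'REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https']));
```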