Index: openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl,v
diff -u -r1.118.2.48 -r1.118.2.49
--- openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl 28 Jun 2017 20:20:27 -0000 1.118.2.48
+++ openacs-4/packages/acs-tcl/tcl/request-processor-procs.tcl 28 Jun 2017 21:13:23 -0000 1.118.2.49
@@ -1349,6 +1349,8 @@
Valid options for ad_conn are: ajax_p, + behind_proxy_p, + behind_secure_proxy_p, browser_id, deferred_dml, extra_url, @@ -1591,6 +1593,36 @@ } return $ad_conn(ajax_p) } + + behind_proxy_p { + # + # Check, if we are running behind a proxy: + # a) the parameter "ReverseProxyMode" has to be set + # b) the header-field X-Forwarded-For must be present + # + set ad_conn(behind_proxy_p) 0 + if {[ns_conn isconnected]} { + set headers [ns_conn headers] + if { [ns_config "ns/parameters" ReverseProxyMode false] + && [ns_set ifind $headers X-Forwarded-For] > -1} { + set ad_conn(behind_proxy_p) 1 + } + } + return $ad_conn(behind_proxy_p) + } + + behind_secure_proxy_p { + # + # Check, if we are running behind a secure proxy: + # a) [ad_conn behind_proxy_p] must be true + # b) the header-field X-SSL-Request must be 1 + # + set ad_conn(behind_secure_proxy_p) 0 + if {[ad_conn behind_proxy_p]} { + set ad_conn(behind_secure_proxy_p) [ns_set iget [ns_conn headers] X-SSL-Request] + } + return $ad_conn(behind_secure_proxy_p) + } default { return [ns_conn $var] Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v diff -u -r1.78.2.61 -r1.78.2.62 --- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 28 Jun 2017 20:40:30 -0000 1.78.2.61 +++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 28 Jun 2017 21:13:23 -0000 1.78.2.62 
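Review bot: In the `behind_secure_proxy_p` branch the raw `X-SSL-Request` header value is stored and returned as if it were a boolean. `ns_set iget` yields an empty string when the header is absent, so behind a plain-HTTP proxy the result is `""`, which should make the `||` in security::get_qualified_url and the `if {[ad_conn behind_secure_proxy_p]}` in utilities-procs.tcl (both later in this commit) raise a Tcl boolean error instead of evaluating to false. Any other value the header carries is passed through unchecked as well. Normalising it keeps the previous `== 1` semantics: `set ad_conn(behind_secure_proxy_p) [expr {[ns_set iget [ns_conn headers] X-SSL-Request] == 1}]`. The enclosing switch in ad_conn starts and ends outside the hunk.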
@@ -1617,7 +1617,7 @@ ad_proc -private security::get_qualified_url { url } { @return secure or insecure qualified url } { - if { [security::secure_conn_p] } { + if { [security::secure_conn_p] || [ad_conn behind_secure_proxy_p] } { set qualified_url [security::get_secure_qualified_url $url] } else { set qualified_url [security::get_insecure_qualified_url $url] Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v diff -u -r1.140.2.78 -r1.140.2.79 --- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 8 Jun 2017 16:42:26 -0000 1.140.2.78 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 28 Jun 2017 21:13:23 -0000 1.140.2.79 @@ -2750,13 +2750,11 @@ set port $default_port($proto) } - set headers [ns_conn headers] - if { [ns_config "ns/parameters" ReverseProxyMode false] - && [ns_set ifind $headers X-Forwarded-For] > -1} { + if { [ad_conn behind_proxy_p] } { # # We are running behind a proxy # - if {[ns_set iget $headers X-SSL-Request] == 1} { + if {[ad_conn behind_secure_proxy_p]} { # # We know, the request was an https request #
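Review bot: The scheme chosen in security::get_qualified_url now also depends on the request header `X-SSL-Request`, and neither the docstring nor a comment states the deployment assumption that makes that header trustworthy. From the visible code the header is honoured whenever ReverseProxyMode is set and `X-Forwarded-For` is present, so it is only reliable if the proxy overwrites both headers on every request and the backend is not reachable directly. I would add above the condition: `# X-SSL-Request is honoured only in ReverseProxyMode; the proxy must set or strip it on every request`. The proc body continues outside the hunk.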