How can I detect if a tcp connection has been forwarded from a ssl connection?

后端 未结 2 710
小蘑菇
小蘑菇 2021-02-06 13:51

The specific scenario I\'m dealing with is attempting to connect to a websocket connection behind an AWS elastic load balancer, whilst enforcing https/ssl rather than http/tcp.<

相关标签:
2条回答
  • 2021-02-06 14:26

    If the question is in fact "How can I ensure anyone visiting my website via http is redirected to https/ssl" (as indeed it turned out that this is what I meant), this is possible by

    1. Setting the Elastic Load Balancer to forward HTTP on 80 to HTTP on 80 on the instance (rather than TCP on 80 as it was before) and then forward HTTPS on 443 to TCP on 80 on the instance.

    2. "Assuming HTTPS/SSL" during the detection of the protocol: namely check if there exists an x-forwarded-proto, if it does, it's come from a http request, thus 301 to https. If one doesn't exist, assume it's https, don't redirect it (in practice I felt I might as well check to ensure the protocol was http before redirecting, but in the current set up I'm pretty sure that's the only scenario that can possibly occur).

    0 讨论(0)
  • 2021-02-06 14:32

    When you use TCP, the ELB will not inject HTTP headers such as x-forwarded-proto or x-forwarded-for. You may be able to get what you need by configuring Proxy Protocol.

    0 讨论(0)
提交回复
热议问题