Open gnotaras opened 11 years ago
If you trust the host where stud is running, you may be able to add the secure key in varnish, by checking the source of the request:
```vcl
# stud_hosts is an ACL that has to be declared elsewhere in the VCL
sub vcl_recv {
    if (client.ip ~ stud_hosts) {
        set req.http.x-secure-conn-key = "1234567890 https=on";
    } else {
        set req.http.x-secure-conn-key = "1234567890 https=off";
    }
}
```
stud should support the addition of custom headers to the request, so that the backend server has a trusted way to determine whether the request has actually passed through stud or not.
For instance, I'd add a secret key as a value to a custom header in the stud configuration.
Then, in the backend server I'd check for the existence of my secret header and key and in turn notify the application that the client has connected over a secure channel.
E.g., in Apache, the header could be checked and, if the key matched, the variable HTTPS would be set to on (most web applications use such a variable to determine if the client connection was secure):
I think it would be a useful feature.
PS: My use case is stud<->varnish<->apache<->fastcgi_app
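The backend-side check described in this issue, as an added example (not code from the issue or from stud): a WSGI middleware, assumed here as the application layer, that accepts only `<key> https=on` in the `x-secure-conn-key` format shown above. The class and function names are hypothetical, and it assumes the front proxy overwrites any client-supplied copy of the header, as the VCL above does in both branches.

```python
import hmac

# Constructed sample value in the page's "<key> https=on|off" format;
# a real deployment would use a long random secret.
SHARED_KEY = "1234567890"
HEADER = "HTTP_X_SECURE_CONN_KEY"  # WSGI environ name for x-secure-conn-key


def connection_is_secure(header_value, key=SHARED_KEY):
    """Return True only for '<key> https=on' with a matching key."""
    if not header_value:
        return False
    presented_key, _, flag = header_value.partition(" ")
    # Constant-time comparison so response timing does not leak the key.
    key_ok = hmac.compare_digest(presented_key.encode(), key.encode())
    return key_ok and flag == "https=on"


class TrustedTLSHeader:
    """WSGI middleware: derive the URL scheme from the proxy header."""

    def __init__(self, app, key=SHARED_KEY):
        self.app = app
        self.key = key

    def __call__(self, environ, start_response):
        # pop() removes the header so the application cannot log or echo the key.
        value = environ.pop(HEADER, None)
        secure = connection_is_secure(value, self.key)
        environ["wsgi.url_scheme"] = "https" if secure else "http"
        if secure:
            environ["HTTPS"] = "on"
        else:
            # Fail closed: drop any HTTPS flag that was not earned by the key.
            environ.pop("HTTPS", None)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Hypothetical application that reports the scheme it was told about.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ["wsgi.url_scheme"].encode()]
```

A missing header, a wrong key, or `https=off` all fall through to the plain-HTTP path, so the application only sees `HTTPS=on` when the proxy vouched for the connection.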