Hi guys,
I moved to Lucee 4.5 from Railo 4.2
All seems to be working just fine, except some interceptor points where I need to validate HTTP/S requests and redirect accordingly.
But Lucee since returns wrong values using the event.isSSL() methodos I got into an infinite loops errors.
I update Lucee’s JARS but wrong values also.
Any help on this…
xerrano
How are you determining if you are in ssl?
Luis Majano
CEO
Ortus Solutions, Corp
www.ortussolutions.com
P/F: 1-888-557-8057
According to his post, he’s using “event.isSSL()” which would be this code:
boolean function isSSL(){
if( isBoolean( cgi.server_port_secure ) AND cgi.server_port_secure){ return true; }
// Add typical proxy headers for SSL
if( getHTTPHeader( “x-forwarded-proto”, “http” ) eq “https” ){ return true; }
if( getHTTPHeader( “x-scheme”, “http” ) eq “https” ){ return true; }
return false;
}
If you dump out your CGI scope and server headers can you verify that all these checks fail? Do you see anything that signifies you’re on SSL. This is quite possibly an issues with your web server config. Are you terminating your SSL certs elsewhere like a load balancer?
Thanks!
~Brad
Hi Brad,
The SSL inspector was working just fine in Railo 4.2 when I migrate to Lucee the issue starts, dumping HTTP or HTTPS: cgi.https and cgi.server_port_secure, I got empty strings in both cases… still can be a server config issue?
thanks
Please tell us more about your server setup. Are you using Apache? Nginx? IIS? A load balancer? Where is the SSL cert installed?
This question probably is more suited for the Lucee forum than ColdBox, but we’ll try to help you here.
Thanks!
~Brad
ColdBox Platform Evangelist
Ortus Solutions, Corp
E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com
I have the same problem.
I’m using apache in front of Tomcat.
The SSL certificate is generated using LetsEncrypt.
Adding x-forwarded-proto header to my vhost solved the problem, however I’m not sure what is the best practice on SSL configuration.