Forum Discussion

Hassan_Ali_1810's avatar
Hassan_Ali_1810
Icon for Nimbostratus rankNimbostratus
Dec 26, 2014

x-forwarded-proto + F5 + Drupal issues

my client has setup F5 and doing ssl offloading. I'm using drupal application on linux RedHat.

 

network team has set the x-forwarded-proto header on F5 device.

 

I've added RequestHeader add X-Forwarded-Proto https in my httpd.conf file

 

and in settings.php (of drupal) i've added below

 

when a request is made using https:// to load balancer it is routing the request to app server and everything loads just fine, however if the request is just http:// to load balancer then my app server is converting all references to resources (images/ css/ scripts) as https://

 

when the request is handed over to app server, will it carry or expected to carry the x-forwarded-proto in headers received by app server?

 

I'm confused on what to do, where to fix.

 

4 Replies

  • not to be unkind but shouldn't you take this up with your network team? they changed something, have them check if what they did is correct. also read up on what is required on the apache / drupal side.

     

    i would double check the header isn't by accident send / send incorrectly when you connect via http.

     

  • thanks for the response. can you at least tell me what additional headers (when someone sends a http or https request) we should expect from F5 load balancer after adding the x-forwarded-proto as the irule?

     

  • if you just add the x-forwarded-proto header via an iRule then nothing more is added.

     

    in general the F5 BIG-IP just passes traffic. you can have it add headers via iRule or for example the x-forwarded-for header via the HTTP profile. but that is config you do. the F5 BIG-IP isn't going to add headers itself without being told to do so.

     

  • shaggy's avatar
    shaggy
    Icon for Nimbostratus rankNimbostratus

    Check to make sure they did not enable x-forwarded-for on the HTTP F5 virtual server that the application uses. If you enable HTTPS in drupal only when the x-forwarded-for header is set, then enabling x-forwarded-for on the http virtual server on the f5 (which is a normal thing to do) could cause undesirable application effects

     

    Also, as I am unfamiliar with drupal, what does "$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'" do? the contents of a legitimate x-forwarded-for header will never contain the text "https"