Is there any standard http header which a ssl termination point should set?
I'm asking because currently we have a loadbalancer which is the termination for https. Behind there's an application server, and at the moment we have no clue wether the request came over http or https.
Should the loadbalancer set a cookie, or maybe a special http header?
Ssl – HTTP header for SSL
httpsssl
Related Topic
- Nginx – Redirect from HTTP to HTTPS with respect to the X-Forwarded-For header (SSL termination used)
- Ssl – How to prevent a specific request to redirect from http to https in SSL configuration
- Nginx – Redirect all http requests behind Amazon ELB to https without using if
- Nginx – Passing SSL protocol info to backend via HTTP header
- Ssl – HAproxy ssl re-encryption and http header modification
- Iis – Best way to redirect all HTTP to HTTPS in IIS
Best Answer
I assume your load balancer can manipulate the HTTP headers after decipher the SSL. Thus, a solution would be to add a custom local header to the HTTP request forwarded to the server, such as X-SSL-ENABLE: 1.
A cookie would be stored on the client's side, resent for each request and therefore loading your external bandwidth for no reason, since this is of internal use only.