[Catalyst] unexpected behavior of $c->request->secure and
$c->request->base
Bill Moseley
moseley at hank.org
Sat Apr 25 13:29:50 GMT 2009
On Fri, Apr 24, 2009 at 03:48:36PM -0700, Phil Mitchell wrote:
> >
> I am running mod_perl/Apache 2.0 and serving SSL on a non-standard port via
> a VirtualHost. I thought my apache setup was vanilla, but perhaps not -- I
> am no apache expert. It seems surprising to have to set an ENV variable in
> order for $c->request->base to work correctly...
The SSL decryption is happening on Apache and Apache is proxying the
request to Catalyst. Catalyst has no way to know that the request was
originally SSL. AFAIK, there's no standard way a front end proxy
can indicate the initial request was SSL to the back end that works
with all proxies.
Therefore, you need to make up some way that Catalyst will know the
connection is secure from something in the request -- such as a header
or the port that the connection is coming in on.
In my case I have a plugin where prepare_headers() looks at a number
of things to determine if it's SSL.
On Apache front end I use separate ports for SSL and non-SSL traffic
and use simple matching, and with Perlbal I set a header:
# Check if running under Perlbal
if ( $req->header( 'X-Perlbal' ) ) {
# Unlike mod_perl, Perlbal passes Host: unchanged.
# Engine::Apache uses X-Forwarded-Host, so copy
# Host to X-Forwarded-Host.
$req->header( 'X-Forwarded-Host' => $req->header( 'Host' ) );
$req->secure( 1 ) if $req->header( 'X-Ssl' );
return;
}
# Determine if we are in SSL mode using crude match
$req->secure( 1 ) if $req->header( 'Host' ) =~ /:\d*443$/;
return;
--
Bill Moseley.
moseley at hank.org
Sent from my iMutt
More information about the Catalyst
mailing list