Detecting Secure requesting when hardware based SSL offloading is

G

Guest

Hi.
We have an ASP.net Web application in which some of the pages are to be
served over secure channel using HTTPS.
We have built a framework that allows pages to be served over secure channel
specified in a configuration file. When a request for specified pages comes
over HTTP, framework detects and redirects the browser over HTTPS.
Similarly for non secure pages if the request comes over HTTPS the
framework redirects the browser onto HTTP.

We use HttpRequest.IsSecureConnection property to determine HTTP/HTTPS was
used to make the request. This all used to work fine until now.

Now the infrastructure group has taken out SSL responsibilities from the Web
Server and given it to an Hardware SSL offloader. What SSL offloader is doing
is it decrypts the request from client and sends an un encrypted request to
Web Server.
As a consequence HttpRequest.IsSecureConnection is always returning false
to the application?

Is anyone aware of a solution to the above problem i.e. for us to detect SSL
request in SSL Offloading scenario by other means than using
HttpRequest.IsSecureConnection (for e.g. checking headers??)

Thanks
 
G

Guest

If I understood correctly.. nope. If they are removing the request from the
HTTPS context, and rerouting to an HTTP URL in the backend then you are
probably out of luck. The offloader will be your only point of reference. If
the call comes from there, or if they can pass an additional flag, you should
be able to get to that.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,990
Messages
2,570,211
Members
46,796
Latest member
SteveBreed

Latest Threads

Top