ARR with SSL offloading: app needs to know it was SSL

867 views Asked by At

I have set up a web farm with ARR, using SSL offloading. Although the connection from ARR to the content site is proceeding with just HTTP, the application running on the site needs to know the original URL was HTTPS, so that links given in the result can be HTTPS. Can this be done?

I know I can capture the original HTTPS status as a new server variable (I'm using HTTP-X-ORIGINAL-HTTPS) using URL Rewrite on the ARR server. But how can I restore it to the content site using URL Rewrite? Obviously a redirect rule is not appropriate; a none action that sets server variables seems like it might be. I don't have an SSL binding on the content site. Do I have to make my content application look for the HTTP-X-ORIGINAL-HTTPS? Seems ugly.

1

There are 1 answers

0
Ross Presser On BEST ANSWER

Eventually I did -- I made the content application look for the request header HTTPS. (I have also switched from ARR to haproxy because haproxy gives me wildcard-bound TLS termination for free.)