SSL offloading and X Header
Hi,
I would need technical details on how the SSL offloading should be done for my sitefinity website: do I need to have a specific X Header being sent in order to have SSL off-loading properly working ? or simply the site will be fully coded in relative path, thus no need for any X header ?
Please need your support on it
Thank you
Dimitri
Hello Dimitri,
Make sure to use "Require SSL" of page setting might not work as expected when there is a SSL offloading solution. The problem is that Sitefinity instances are doing redirects to https:// because of this setting. If you use this option (Require SSL) and request the page under http:// the redirects are in fact and application is looping over and over.
For example:
If request coming from user is HTTPS (Require SSL), after the decrypting from the load balancing the request to web application will be HTTP, but Sitefinity requires accessing to this page to be in HTTPS only and makes redirect to HTTPS.
https trafic
|
Load balancer
|
http traffic
|
Web Server 1, Web Server 2, ...
You can run the entire site in SSL, but please make sure the "Required SSL" option is switched to off.
Regards,
Ivelina Ganeva
Telerik