What do you know about SSL Proxies?
Posted: Sun Sep 11, 2011 12:57 am
Here I am, thinking I'm super clever, and then I discover SSL Proxies...
Consider the following URI, where example.org is my domain name:
https://ssl.perfora.net/example.org/phpinfo.php.
Looking at this link, I would expect it to return on port 443 and HTTPS to be 'on' or 1. Instead, it returns port 80 and a bunch of FORWARDED_FOR headers.
HTTP_X_FORWARDED_BY United Internet SSL Proxy
HTTP_X_FORWARDED_FOR 97.120.196.113
HTTP_X_FORWARDED_HOST ssl.perfora.net
HTTP_X_FORWARDED_SERVER ssl.perfora.net
Am I understanding this correctly as 1-way only, encrypted transmission?
Is this common webhost behaviour? I almost feel like 1and1 is taking me for a ride by providing as little as possible to encourage me to purchase an SSL cert from them, nevermind I purchased their "Business" hosting. This is the first time I have run across this.
I have spent days refactoring my code to support, SSL, Shared SSL, or No SSL, and now here comes a wrench.
I have access to a bluehost account, so I will try their server tomorrow and see if I get similar results.
Have you encountered this before?
Edit: Bluehost uses a Shared SSL, not a proxy, and results are as I expected.
Consider the following URI, where example.org is my domain name:
https://ssl.perfora.net/example.org/phpinfo.php.
Looking at this link, I would expect it to return on port 443 and HTTPS to be 'on' or 1. Instead, it returns port 80 and a bunch of FORWARDED_FOR headers.
HTTP_X_FORWARDED_BY United Internet SSL Proxy
HTTP_X_FORWARDED_FOR 97.120.196.113
HTTP_X_FORWARDED_HOST ssl.perfora.net
HTTP_X_FORWARDED_SERVER ssl.perfora.net
Am I understanding this correctly as 1-way only, encrypted transmission?
Is this common webhost behaviour? I almost feel like 1and1 is taking me for a ride by providing as little as possible to encourage me to purchase an SSL cert from them, nevermind I purchased their "Business" hosting. This is the first time I have run across this.
I have spent days refactoring my code to support, SSL, Shared SSL, or No SSL, and now here comes a wrench.
I have access to a bluehost account, so I will try their server tomorrow and see if I get similar results.
Have you encountered this before?
Edit: Bluehost uses a Shared SSL, not a proxy, and results are as I expected.