Detecting Secure requesting when hardware based SSL offloading is

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Prabhu
    #1

    Detecting Secure requesting when hardware based SSL offloading is

    Hi.
    We have an ASP.net Web application in which some of the pages are to be
    served over secure channel using HTTPS.
    We have built a framework that allows pages to be served over secure channel
    specified in a configuration file. When a request for specified pages comes
    over HTTP, framework detects and redirects the browser over HTTPS.
    Similarly for non secure pages if the request comes over HTTPS the
    framework redirects the browser onto HTTP.

    We use HttpRequest.IsS ecureConnection property to determine HTTP/HTTPS was
    used to make the request. This all used to work fine until now.

    Now the infrastructure group has taken out SSL responsibilitie s from the Web
    Server and given it to an Hardware SSL offloader. What SSL offloader is doing
    is it decrypts the request from client and sends an un encrypted request to
    Web Server.
    As a consequence HttpRequest.IsS ecureConnection is always returning false
    to the application?

    Is anyone aware of a solution to the above problem i.e. for us to detect SSL
    request in SSL Offloading scenario by other means than using
    HttpRequest.IsS ecureConnection (for e.g. checking headers??)

    Thanks
    Tags: None
    • Curt_C [MVP]
      #2
      RE: Detecting Secure requesting when hardware based SSL offloading is

      If I understood correctly.. nope. If they are removing the request from the
      HTTPS context, and rerouting to an HTTP URL in the backend then you are
      probably out of luck. The offloader will be your only point of reference. If
      the call comes from there, or if they can pass an additional flag, you should
      be able to get to that.

      --
      Curt Christianson
      site: http://www.darkfalz.com
      blog: http://blog.darkfalz.com



      "Prabhu" wrote:
      [color=blue]
      > Hi.
      > We have an ASP.net Web application in which some of the pages are to be
      > served over secure channel using HTTPS.
      > We have built a framework that allows pages to be served over secure channel
      > specified in a configuration file. When a request for specified pages comes
      > over HTTP, framework detects and redirects the browser over HTTPS.
      > Similarly for non secure pages if the request comes over HTTPS the
      > framework redirects the browser onto HTTP.
      >
      > We use HttpRequest.IsS ecureConnection property to determine HTTP/HTTPS was
      > used to make the request. This all used to work fine until now.
      >
      > Now the infrastructure group has taken out SSL responsibilitie s from the Web
      > Server and given it to an Hardware SSL offloader. What SSL offloader is doing
      > is it decrypts the request from client and sends an un encrypted request to
      > Web Server.
      > As a consequence HttpRequest.IsS ecureConnection is always returning false
      > to the application?
      >
      > Is anyone aware of a solution to the above problem i.e. for us to detect SSL
      > request in SSL Offloading scenario by other means than using
      > HttpRequest.IsS ecureConnection (for e.g. checking headers??)
      >
      > Thanks[/color]

        Comment

        Previous template Next
        Working...