I am trying to troubleshoot why the CGI.https variable isn’t getting set correctly (currently an empty string instead of on). The setup is as follows: Cloudflare → Amazon ELB → Apache HTTPD → Tomcat. Cloudflare is just doing DNS for us at the moment and the ELB is doing SSL termination. Amazon passes the header X-Forwarded-Proto which I can see is set to “https” when I dump getHttpRequestData()
I have tried several variations of the Tomcat RemoteIPValve, currently it is set to:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
protocolHeader="x-forwarded-proto"
remoteIpHeader="x-forwarded-for" />
I have tried variations with trustedProxies, internalProxies, remoteIpProxiesHeader but still no luck. If I remove the protocolHeader
part dumping CGI will show that the server_port is 80 and server_port_secure is 0 but when I add that attribute back to the valve it shows port 443 and server_port_secure set to 1. This leads me to believe the valve is working fine but CGI.https is still an empty string. Anyone have an idea of what I could be missing?
CGI
GetHttpRequestData