We are having an issue with our Lucee installation where the https,
server_port, and server_port_secure variables in the CGI scope have the
Our infrastructure routes requests through a Sophos Firewall/Load balancer
to Apache (on CentOS 6) and finally proxied to Tomcat. The server was set
up some months ago using the Lucee installer with (I think) mod_cfml 1.0.
The SSL certificate is installed on the Sophos, and it is set up to use an
HTTPS connection to Apache and pass the host header. Our VHOST file for the
site I’m testing with only contains an entry for *:443 so there’s no
chance that Apache is choosing the wrong site config.
The CGI values come across as below:
One of their techs sent me to this article from the Railo mailing list from
last year which sounds like the same issue. I did put the ‘RequestHeader
set https on’ directive into the Apache config and saw the cgi.https value
change to “on” so I know we’re in the correct config.
The legacy code base we’re trying to migrate to this new infrastructure
runs 150+ sites and uses those CGI variables in all kinds of places. I’m
trying to come up with a way to resolve this without having to go digging
through hundreds of thousands of lines of code and changing references
My only idea right now is to upgrade to the latest Lucee stable (an issue
in an of itself b/c of issues with Taffy on another app we need to test),
then in the top of the application.cfm (yes I know…not my code) change
the value of the cgi variables if cgi.https = ‘on’ so that the rest of the
code functions as expected.
So, that’s a long-winded setup to say, doesn’t this seem like a bug in
Lucee if the request is getting to the correct HTTPS Apache config but
Lucee isn’t reporting correctly?
Thanks in advance,