Glenn Hochberg
gah at research.att.com
Tue Apr 25 15:50:44 EDT 2006
On Apr 25, 2006, at 12:49 PM, Deron Meranda wrote:

> On 4/25/06, Glenn Hochberg <gah at research.att.com> wrote:
>> One (admittedly somewhat klugey) solution is to add:
>>     PythonOption ssl on
>> to your ssl VirtualHost container (i.e. typically in ssl.conf), and
>> then test for this option in your mod_python code, e.g.:
>>
>>     url = 'http://'
>>     if req.get_options().has_key('ssl'): url = 'https://'
>>
>> This is what I've been using for some time, but it's great to know
>> that something less config-intrusive will be available in future.
>
> I think you probably meant to put a == 'on' in the if test,
> otherwise somebody may be tempted to change the config to
> read "off", thinking it would toggle your behavior.
>
> Just to be clear though, that is not a good test for security, which
> is what I think the original poster was after--to determine whether or
> not the current HTTP connection was tunneled through TLS or SSL.
>
> You can of course use the Apache SSLRequireSSL directive
> in your VirtualHost section to enforce SSL only, in which case
> then in combination with your PythonOption, it will work as a
> quick solution.
> --

To clarify, we have separate VirtualHost's set up for ssl vs. non-ssl
-- the ssl-vhost is used for port 443, and the non-ssl-vhost for port
80. The ssl-vhost does indeed have SSLRequireSSL set as well.

I agree that this is only a "quick solution"--the ability to find out
directly whether or not TLS/SSL is in use for the connection would
certainly be preferable.

-Glenn
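
The difference between the two option tests discussed in this thread, as an added example that is not part of the original messages and is not mod_python code. StubRequest, the host name and the helper names are constructed stand-ins; only get_options() and the "ssl" PythonOption come from the thread. Both tests report what the configuration says, not whether the connection actually uses TLS/SSL.

```python
# Added example: stand-in for a mod_python request; only get_options() is modelled.
class StubRequest:
    def __init__(self, options, hostname="www.example.test"):
        self._options = dict(options)   # what PythonOption lines would populate
        self.hostname = hostname        # constructed sample host name

    def get_options(self):
        return self._options


def scheme_by_presence(req):
    """The test as first posted: any value of the option selects https."""
    return "https://" if "ssl" in req.get_options() else "http://"


def scheme_by_value(req):
    """The test with the suggested == 'on' comparison.

    Ignoring case and surrounding whitespace is an assumption of this example.
    """
    value = req.get_options().get("ssl", "")
    return "https://" if value.strip().lower() == "on" else "http://"


def self_url(req, path, scheme_fn=scheme_by_value):
    """Build an absolute URL pointing back at the current vhost."""
    if not path.startswith("/"):
        path = "/" + path
    return scheme_fn(req) + req.hostname + path


# Constructed configurations: the ssl vhost, the plain vhost, and a config
# where someone wrote "PythonOption ssl off" expecting it to act as a toggle.
SSL_VHOST = StubRequest({"ssl": "on"})
PLAIN_VHOST = StubRequest({})
TOGGLED_OFF = StubRequest({"ssl": "off"})

if __name__ == "__main__":
    cases = [("ssl on", SSL_VHOST), ("unset", PLAIN_VHOST), ("ssl off", TOGGLED_OFF)]
    for name, req in cases:
        print(name, self_url(req, "login", scheme_by_presence), self_url(req, "login"))
```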