--- includes/bootstrap.inc.orig	2009-06-10 16:00:10.000000000 -0400
+++ includes/bootstrap.inc	2009-06-16 16:01:22.000000000 -0400
@@ -475,7 +475,26 @@
   }
   else {
     // Create base URL
-    $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+    $base_root = "http"; // default
+    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+      // We're running HTTPS natively in the web server.
+      $base_root = 'https';
+    }
+    elseif (isset($conf['reverse_proxy']) && $conf['reverse_proxy']) {
+      // Only trust headers if 'reverse_proxy' is configured.
+      if ( (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") || (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] == 'on') ) {
+        // We appear to be behind a proxy running HTTPS.
+        $base_root = "https";
+      }
+    }
+    elseif (!file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) {
+      // We have no settings.php, so we can't refer to 'reverse_proxy'.
+      // This must be a new installation.
+      if ( (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") || (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] == 'on') ) {
+        // We appear to be behind a proxy running HTTPS.
+        $base_root = "https";
+      }
+    }
 
     $base_url = $base_root .= '://' . $_SERVER['HTTP_HOST'];