By Pablo Gosse on

Hi all. I'm attempting to implement SSL-offloading using the F5 BIG-IP device. I'm using this article by Nate Haug as a reference:

https://www.lullabot.com/articles/setting-up-ssl-offloading-termination-...

Here is the code from my iRule:

when HTTP_RESPONSE {
  HTTP::header insert "X_Forwarded_Proto" "https"; 
}

According to Nate's article I should add something similar to the following in settings.php:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $_SERVER['HTTPS'] = 'On';
}

The problem I'm encountering is that when I examine $_SERVER I am not seeing the header I have set. However, when I view the headers using the CDN Headers & Cookies extension in Chrome, the header I have set is there, as can be seen in this image - https://ibb.co/jy2fAk

Can someone tell me if Drupal strips out custom headers, or any other reason why I can see the header via the Chrome extension, but not when examining $_SERVER in settings.php?

Thanks,
Pablo

Categories: Drupal 7.x

Comments

Pablo Gosse’s picture

Pablo Gosse commented

I just did a further test by adding a header inside settings.php using drupal_add_http_header. Same as the header added by the BIG-IP device, I can see it in the headers extension in Chrome, but not in $_SERVER.

Has anyone any thoughts?

Thanks,
Pablo

Pablo Gosse’s picture

Pablo Gosse commented

Definitely not a Drupal issue. The following code in a PHP7/Apache docker container also behaves the same way:

header('HTTP-ARCHER: Danger Zone2');
header("Expires: Tue, 01 Oct 1974 16:11:00 NST");

print_r($_SERVER);

The custom headers do not appear in $_SERVER, yet they appear in the Chrome extension that I use to view headers for the same page.

Can anyone think of any reason why this would be the case?

Thanks,
Pablo