How to detect secure (https) requests behind barracuda firewall?

user1921874 asked:

I’ve got a number of websites behind a barracuda appliance, on which an SSL certificate is configured. It forwards the requests to IIS as HTTP, without any information about whether the original request from the client was HTTP or HTTPS.

Is there a way to configure barracuda to include a custom HTTP header when it converts from HTTPS to HTTP? Or some other mechanism I might leverage to detect, from website code, whether the original request was HTTPS?

How can you detect SSL offload on server behind a load balancer? discusses doing this for other software, but I can’t find a way of doing the same thing with barracuda.

My answer:

The typical way this is done is to have the reverse proxy/load balancer set an HTTP header that specifies the original protocol that was used by the connection from the client. That header is known as X-Forwarded-Proto.

X-Forwarded-Proto: https

Instructions for doing this with the Barracuda Load Balancer can be found in its documentation.

In addition to having the load balancer set this header, your application must also be aware of the header, and pretend that the connection was HTTPS when it is set. Many common applications already recognize X-Forwarded-Proto and act appropriately; check with the vendor of the web app or its developers.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.