重定向不使用Https [英] Redirecting Not Working with Https
问题描述
我有一个位于硬件负载平衡器后面的Java servlet.负载平衡器仅允许https请求.问题是,当我在servlet中获得请求时,我只能看到http,看来它在到达servlet时已经被解密了,这是有道理的,因为servlet不必担心安全性.但是,当我要在servlet中发送重定向时,该请求将被负载均衡器阻止,因为它将是一个http请求.
I have a Java servlet that sits behind a hardware load balancer. The load balancer only allows https requests. The problem is when I get the request in the servlet, I can only see http, it seems it has been decrypted by the time it gets to the servlet, which makes sense because the servlet should not worry about security. When I want to send a redirect in servlet, however, the request will be blocked by the load balancer because it will be a http request.
我了解了一些解决方案,它们都类似于这一个.基本上,人们建议添加一个servlet过滤器以首先捕获请求url.
I read about some solutions and they're all similar to this one. Basically people suggest to add a servlet filter to catch the request url first.
我尝试过,但是没有用.我不太了解的是,只要servlet无法了解实际请求(http/https),servlet过滤器如何提供帮助?我还想知道这个问题是否存在任何标准解决方案,因为我认为这很普遍.
I tried but it didn't work. What I don't quite understand is that as long as the servlet has no way to know about the actual request (http/https), how can servlet filter do any help? I also wonder if there's any standard solution to this issue since I think it's quite common.
推荐答案
您实际上可以知道负载均衡器的请求是http还是https.负载平衡器将向您发送某些标头,以告诉您有关原始请求的信息.
You can actually know if the request to load balancer was http or https. The load balancer will send you certain headers that tells you about the original request.
对于Ex,如果对负载均衡器的请求是HTTPS,它将发送 X-SSL-Secure:true 标头.
For Ex, It will send X-SSL-Secure : true header if the request to load balancer was HTTPS.
请参考这里.
