Comments on: How to handle secure http (https) via wsgi http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/ Technology and Startups Sun, 12 Aug 2012 16:33:26 +0000 hourly 1 http://wordpress.org/?v=3.6 By: onlinereputation_management http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/comment-page-1/#comment-3354 onlinereputation_management Thu, 01 Sep 2011 21:25:27 +0000 http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/#comment-3354 It checks for a header indicating whether a request should be
considered secure. By default, it looks for 'X-Forwarded-Proto'
(which will appear in request.META as 'HTTPXFORWARDED_PROTO')
and expects a value of 'http' or 'https'. All string checks are
case-insensitive. You can configure its behavior with theseĀ 
settings:

]]> By: Graham Dumpleton http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/comment-page-1/#comment-868 Graham Dumpleton Tue, 28 Oct 2008 04:07:19 +0000 http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/#comment-868 FWIW, the way they did it was more complicated than it needed to be. See simpler approach in comment to their blog. Also see:

http://groups.google.com/group/modwsgi/browse_frm/thread/94f952720c878506

The real question though is if there was no front end server like nginx involved, what was the Apache configuration that was being used. It seems rather odd that https was being redirected to http addresses. Depending on why they are doing this, it could still be regarded as a misconfiguration.

]]> By: bayuadji http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/comment-page-1/#comment-867 bayuadji Tue, 28 Oct 2008 02:13:58 +0000 http://a.khavr.com/2008/10/28/how-to-handle-secure-http-https-via-wsgi/#comment-867 hi,

nice info, I’ve been looking how to manage django https for a couple a days :)

]]>