I'm trying to detect https requests made by modifying the following code:

public static boolean isOnHttps(HttpServletRequest request) {
    String protoHeader = request.getHeader(Constants.Header.X_FORWARDED_PROTO);

    if (null == protoHeader || ! protoHeader.equals("https")) {
        return false;
    }

    return true;
}

The code above fails to detect some of the HTTPS requests made. Regarding this, I have two questions:

  1. What does the parameter of getHeader stand for?

  2. What should I do to detect every request made to our servers via HTTPS?

If you can point me in any direction, it would be very helpful. Thanks in advance for your time.

CAMOBAP
Pumpkin

1 Answer

Q: What does the parameter of getHeader stand for?

The purpose of X_FORWARDED_PROTO is to determine the originating protocol of an HTTP request (because a load balancer/proxy in the middle can terminate the HTTPS connection). It would be useful if you posted which Constants you imported. For which requests does it fail to detect the originating protocol? However, the method mentioned below should help.

Q: What should I do to detect every request made to our servers via HTTPS?

There is a method ServletRequest#isSecure() that returns true in the case of an HTTPS request. From the Javadoc:

Returns a boolean indicating whether this request was made using a secure channel, such as HTTPS.

For further reading, consider this great answer.

Community
Miljen Mikic
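An added example, not part of the question or the answer above: one way to combine ServletRequest#isSecure() with the forwarded-protocol header so the header is only honoured when the connection comes from your own proxy. The class name, the trusted proxy addresses and the literal header name "X-Forwarded-Proto" are assumptions, as is a proxy that overwrites the header instead of appending to it.

```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest; // jakarta.servlet.http on newer containers

public final class HttpsDetector {
    // Assumption: addresses of the load balancers / reverse proxies that
    // terminate TLS in front of this application (constructed sample values).
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5", "10.0.0.6");

    private HttpsDetector() {}

    /** Servlet entry point: extracts the three inputs the decision depends on. */
    public static boolean isOnHttps(HttpServletRequest request) {
        return isOnHttps(request.isSecure(),
                         request.getRemoteAddr(),
                         request.getHeader("X-Forwarded-Proto"));
    }

    /** Pure decision logic, kept separate so it can be tested without a container. */
    static boolean isOnHttps(boolean secureChannel, String remoteAddr, String forwardedProto) {
        // 1. TLS reached the container itself: no header is needed.
        if (secureChannel) {
            return true;
        }
        // 2. The header is ordinary client-supplied data unless our own proxy
        //    set it, so ignore it for connections from any other peer.
        if (forwardedProto == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return false;
        }
        // 3. Assumes the proxy overwrites the header with a single value.
        //    Compare case-insensitively and ignore surrounding whitespace.
        return "https".equalsIgnoreCase(forwardedProto.trim());
    }

    public static void main(String[] args) {
        // Constructed inputs: (isSecure, peer address, header value)
        System.out.println(isOnHttps(true, "203.0.113.9", null));      // direct TLS, no proxy
        System.out.println(isOnHttps(false, "10.0.0.5", "HTTPS "));    // via trusted proxy
        System.out.println(isOnHttps(false, "10.0.0.5", "http"));      // proxy saw plain HTTP
        System.out.println(isOnHttps(false, "203.0.113.9", "https"));  // header from untrusted peer
    }
}
```

Many containers can apply the same rule in configuration, so that isSecure() already reflects the proxy's header and application code needs no header parsing.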