When using WebGUI in the recommended WRE configuration where a mod_proxy Apache instance sits on the front-end and forwards requests for non-static data back to a separate mod_perl Apache instance that runs WebGUI. However, it needs to tell WebGUI when the original connection was secure (i.e. https) so it can determine whether to allow access to a secure page or redirect the user's browser to the https URL.

We have been using the SSLPROXY "1" request header to do this. So the SSL vhost on the front-end adds this request header before proxying back to WebGUI and when WebGUI sees this header in the request, it treats it as a secure connection.

However, a de facto standard has begun to emerge around this practice that involves setting the X_FORWARDED_PROTO "https" header. WebGUI should treat this new header the same as SSLPROXY as it makes it easier to integrate into other systems that assume this is the header they should set. For example, Rightscale front-end load balancers set this header in their default SSL vhosts.

This can be easily accomplished by adding this to the default modperl config files in the WRE:

SetEnvIf X_FORWARDED_PROTO "https" SSLPROXY

That can go right alongside the same line that does this for the SSLPROXY header. Obviously this can also put into any existing modperl Apache conf files. And that's it, mission accomplished.