08 Oct 2016
24 Dec 2009
01 Jan 2010
Many of us might have came to the probelm where in IE or Chrome, when visiting the secure pages an alert message pops up saying that some of the content of the page is not encrypted.
This is usually due to non-relative links on our page.
i.e.:
in: https://www.garyhan.com/secure but some how all your images and css are showing up as http.
This is because usually when setting up a load balancer, the encryption is handled on the balancer(LB) level, then the LB transfers requests to each of your servers on http port.
In this case, when the acutal servers will not know if the request was http or https.
Solution:
have the code to check for a X-Forwarded-Proto Header in your request.
******************************
String proto = request.getHeader("X-Forwarded-Proto");
if (proto == null) //Treat as http;
proto = proto.trim();
if (proto.equalsIgnoreCase("HTTPS")){
//Treat as https
else
//http;
}
This way you are ensured to return the correct links when handling requests from LB.