Support for Reverse Proxy

I can confirm this patch works as described. The only gotcha is your reverse proxy has to be configured correctly to pass the header, but that's not a securepages problem.

I solved this problem differently, in my settings.php

You can detect HTTP headers in $_SERVER, and all that's required to make Secure Pages happy is to set $_SERVER['HTTPS'] = 'on';

I have nginx setting a custom header, since we actually have SSL offload in front that puts decrypted traffic over 443 (so the server never actually does the SSL). My code in settings.php is:

if (isset($_SERVER['HTTP_X_PORT'])) {
  $_SERVER['SERVER_PORT'] = $_SERVER['HTTP_X_PORT'];
  if ($_SERVER['HTTP_X_PORT'] == 443) {
    $_SERVER['HTTPS'] = 'on'; // detected by securepages
  }
}

My personal recommendation is to add the following to your apache conf file:

SetEnvIf X_FORWARDED_PROTO https HTTPS=on

The solution in #3 should work as well. IMHO this should be marked won't fix; the module can't possibly account for every conceivable proxy configuration. It should be the server administrator's responsibility to make sure that $_SERVER['HTTPS'] contains an accurate value for their setup.

I tend to agree with @grendzy because for example Squid uses the HTTP_FRONT_END_HTTPS variable.

Marking issue as needs work because the patch is incomplete.

Hi, I've opened a new issue to centralize this discussion:
#1096744: Document support for proxies and non-standard web server configurations

In the meantime, details on how to configure non-standard servers for securepages can be found here:
http://www.metaltoad.com/blog/running-drupal-secure-pages-behind-proxy