--- includes/bootstrap.inc.orig	2008-09-20 16:22:23.000000000 -0400
+++ includes/bootstrap.inc	2008-09-24 23:28:23.000000000 -0400
@@ -345,7 +345,23 @@
   }
   else {
     // Create base URL
-    $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
+    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
+      // We're running HTTPS natively in the web server.
+      $base_root = 'https';
+    }
+    elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+      // We're behind a proxy that talks to the web server via HTTP.
+      $base_root = $_SERVER['HTTP_X_FORWARDED_PROTO'];
+    }
+    elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] == 'on') {
+      // The proxy follows the Microsoft convention for passing
+      // protocol information back to the web server.
+      $base_root = 'https';
+    }
+    else {
+      // There's no HTTPS spoor -- we must be running HTTP.
+      $base_root = 'http';
+    }
 
     // As $_SERVER['HTTP_HOST'] is user input, ensure it only contains
     // characters allowed in hostnames.