Ajax / SSL / X-Forwarded-For

Question

Ajax / SSL / X-Forwarded-For

Ok, I use the handle to balance the load. My apache servers see remote IP as load balancing IPs. I need the Apache server to see the IP address of the client for various reasons. I can use X-Forwarded-For to get this from an unencrypted page, but this is not part of the SSL page ...

So, not knowing Ajax, I wonder. Can I use ajax to get X-Forwarded-For out of an unencrypted page and set it as a client-side variable? I know this is possible, I'm just wondering if anyone did this, and this causes a security error in the browser.

I thought that I can redirect them to a non-ssl page and then put the IP in a cookie and then return to the SSL page, but I think that is also hokey.

In any case, another way to get ip for the script will work. I tried http://stderr.net/apache/rpaf/ , but he also did not know about this IP.

+5

ajax ssl

bbutle01 Aug 31 '09 at 14:25

source share

1 answer

Kornel · Accepted Answer · 2012-03-03T21:19:38+0000

AJAX is limited to policies of the same origin, and different protocols are considered different sources, so you cannot make an AJAX HTTP request from an HTTPS page.

Attempting to do this using other means may cause browsers to warn of mixed safe and insecure content.

IP- cookie HTTP ( , ) , , IP- SSL ( HTTP cookie, cookie HTTPS).

SSL HTTP- Apache.

- NAT, .

Ajax / SSL / X-Forwarded-For

More articles: