Detecting Secure requesting when hardware based SSL offloading is

[Guest]

Hi.
We have an ASP.net Web application in which some of the pages are to be
served over secure channel using HTTPS.
We have built a framework that allows pages to be served over secure channel
specified in a configuration file. When a request for specified pages comes
over HTTP, framework detects and redirects the browser over HTTPS.
Similarly for non secure pages if the request comes over HTTPS the
framework redirects the browser onto HTTP.

We use HttpRequest.IsSecureConnection property to determine HTTP/HTTPS was
used to make the request. This all used to work fine until now.

Now the infrastructure group has taken out SSL responsibilities from the Web
Server and given it to an Hardware SSL offloader. What SSL offloader is doing
is it decrypts the request from client and sends an un encrypted request to
Web Server.
As a consequence HttpRequest.IsSecureConnection is always returning false
to the application?

Is anyone aware of a solution to the above problem i.e. for us to detect SSL
request in SSL Offloading scenario by other means than using
HttpRequest.IsSecureConnection (for e.g. checking headers??)

Thanks

 

[Guest]

If I understood correctly.. nope. If they are removing the request from the
HTTPS context, and rerouting to an HTTP URL in the backend then you are
probably out of luck. The offloader will be your only point of reference. If
the call comes from there, or if they can pass an additional flag, you should
be able to get to that.