We are having an issue with our Lucee installation where the https, server_port, and server_port_secure variables in the CGI scope have the wrong value.
Our infrastructure routes requests through a Sophos Firewall/Load balancer to Apache (on CentOS 6) and finally proxied to Tomcat. The server was set up some months ago using the Lucee installer with (I think) mod_cfml 1.0. The SSL certificate is installed on the Sophos, and it is set up to use an HTTPS connection to Apache and pass the host header. Our VHOST file for the site I'm testing with *only* contains an entry for *:443 so there's no chance that Apache is choosing the wrong site config.
The CGI values come across as below:
https: <empty string>
server_port: 80
server_port_secure: 0
One of their techs sent me to this article from the Railo mailing list from last year which sounds like the same issue. I did put the 'RequestHeader set https on' directive into the Apache config and saw the cgi.https value change to "on" so I know we're in the correct config.
The legacy code base we're trying to migrate to this new infrastructure runs 150+ sites and uses those CGI variables in all kinds of places. I'm trying to come up with a way to resolve this without having to go digging through hundreds of thousands of lines of code and changing references everywhere.
My only idea right now is to upgrade to the latest Lucee stable (an issue in an of itself b/c of issues with Taffy on another app we need to test), then in the top of the application.cfm (yes I know...not my code) change the value of the cgi variables if cgi.https = 'on' so that the rest of the code functions as expected.
So, that's a long-winded setup to say, doesn't this seem like a bug in Lucee if the request is getting to the correct HTTPS Apache config but Lucee isn't reporting correctly?
Thanks in advance,
Dan