Forum Discussion
Thomas_Schaefer
Jan 20, 2010Nimbostratus
I figured I would reply to my own question with my current thinking on how to handle this. I have two profiles: http (default) and https. Both are parent profiles so https is NOT a child of http.
In the https profile, add a header like "X-SSL". In the http profile, remove the header X-SSL just in case some joker adds this header to their request. The https profile enforces that only SSL traffic gets through the https virts so I know if the header X-SSL is present, this had to originated as an SSL transaction.
I hope that helps.
Tom