Aug 312012
 

Scenario is this:

  •  Django App is running on an instance with web server and has no SSL installed.
  • SSL cert is installed on the ELB and the ELB is accepting requests for the django App (which is still non SSL)

 

 

Problem happens here is that URL’s that django generates is not secure i.e. HTTP as well as django isnot enforcing secure mode.

For this we can possibly use a Django middleware, example code

 

from django import http

class ELBMiddleware(object):
  def process_request(self, request):
   if 'HTTP_X_FORWARDED_PROTO' in request.META:
    if request.META['HTTP_X_FORWARDED_PROTO'] == 'https':
    request.is_secure = lambda: True
   return None

 

Remember to save this middleware in your django directory and enable it in settings.py You know how right. hint: filename.Classname 🙂

suggestions? ideas, improvements are welcome.