3. Settings
3.1. SSL_URLS
SSL_URLS is a list of regular expressions that SSLRedirectMiddleware matches against the request URL to determine whether a request should be processed or redirected to a secure or non-secure URL. See SSLRedirectMiddleware for an explanation of how SSL_URLS is used.
SSL_URLS = (
    '^/login/',
    '^/purchase/',
    # ...
)
3.2. SSL_IGNORE_URLS
SSL_IGNORE_URLS is a list of URLs that can be accessed by secure as well as non-secure requests.
SSL_IGNORE_URLS = (
    '^/static/',
    # ...
)
3.3. SSL_HOST
Sometimes websites serve secure pages via a separate domain such as secure.example.com to further express that the page the user is visiting is secure.
SSL_HOST sets the domain of the SSL host. When redirecting to SSL URLs, beproud.django.ssl will redirect to this host. The default is to redirect to the same host as the non-secure request.
SSL_HOST = 'secure.example.com'
3.4. HTTP_HOST
HTTP_HOST sets the domain of the non-secure host. When redirecting to non-secure URLs, beproud.django.ssl will redirect to this host. The default is to redirect to the same host as the secure request, so when SSL_HOST is set you will almost always want to set HTTP_HOST as well.
HTTP_HOST = 'example.com'
3.5. SSL_REQUEST_HEADER
When using the SSLProxyMiddleware, SSL_REQUEST_HEADER should be set to the name and value of the HTTP header, in the form of a two-tuple, that is forwarded from the reverse proxy server for secure requests.
Typical values for the SSL_REQUEST_HEADER setting would be ('HTTP_X_FORWARDED_SSL', 'on') or ('HTTP_X_FORWARDED_PROTOCOL', 'https').
The default value for SSL_REQUEST_HEADER is shown below.
SSL_REQUEST_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
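The sketch below is an added example, not code from beproud.django.ssl: a stand-alone model of how the five settings above could combine into one redirect decision. It assumes ignore patterns are checked first and that patterns are applied with re.match; the helper names (is_secure, matches, redirect_target) and the sample request metadata are constructed for illustration.

```python
import re

# Settings as documented on this page (values are the page's own samples).
SSL_URLS = (r'^/login/', r'^/purchase/')
SSL_IGNORE_URLS = (r'^/static/',)
SSL_HOST = 'secure.example.com'
HTTP_HOST = 'example.com'
SSL_REQUEST_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')


def is_secure(meta):
    """True when the proxy-supplied header carries the configured value."""
    name, value = SSL_REQUEST_HEADER
    return meta.get(name) == value


def matches(patterns, path):
    """True when any pattern matches the start of the path (assumed re.match)."""
    return any(re.match(p, path) for p in patterns)


def redirect_target(path, meta):
    """Return the URL to redirect to, or None to process the request as-is.

    Hypothetical helper modelling the behaviour described above; the
    order of checks (ignore list first) is an assumption.
    """
    if matches(SSL_IGNORE_URLS, path):
        return None  # reachable over either scheme
    wants_ssl = matches(SSL_URLS, path)
    secure = is_secure(meta)
    if wants_ssl and not secure:
        return 'https://%s%s' % (SSL_HOST, path)
    if not wants_ssl and secure:
        return 'http://%s%s' % (HTTP_HOST, path)
    return None


# Constructed request metadata, as a reverse proxy would forward it.
PLAIN = {'HTTP_HOST': 'example.com'}
TLS = {'HTTP_HOST': 'secure.example.com', 'HTTP_X_FORWARDED_PROTOCOL': 'https'}

if __name__ == '__main__':
    for path, meta in [('/login/', PLAIN), ('/login/', TLS), ('/about/', TLS),
                       ('/static/app.css', TLS), ('/login', PLAIN)]:
        print(path, is_secure(meta), '->', redirect_target(path, meta))
```

Because the secure/non-secure decision rests entirely on one request header, the reverse proxy has to set or strip that header on every request it forwards, otherwise a client can supply it directly. In this model `/login` without the trailing slash does not match `'^/login/'` and is treated as a non-secure URL, so patterns should cover every path form that must stay on HTTPS.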