Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.38 -r1.38.2.1
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 1 Mar 2005 00:01:25 -0000 1.38
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 20 Nov 2006 20:00:13 -0000 1.38.2.1
@@ -470,12 +470,24 @@
 ad_set_signed_cookie -secure t "ad_secure_token" "[ad_conn session_id],[ad_conn user_id],[ns_time]"
 }
-ad_proc -public -deprecated -warn ad_secure_conn_p {} {
- Use security::secure_conn_p instead.
+ad_proc -public ad_secure_conn_p {} {
+ Returns true if the connection [ad_conn] is secure (HTTPS), or
+ false otherwise. Takes into account that the web server might be
+ behind a SSL proxy. If so, all connections from the SSL proxy to
+ the server use the HTTP protocol but HTTPS requests to the SSL
+ proxy have an additional header. These HTTPS requests can be
+ identified by the header 'X-SSL-Request' with value 'true'.
+
+ Supports reverse proxies. See kernel parameter UseReverseProxyP
- @see security::secure_conn_p
+ @see security::secure_conn_p
 } {
- return [security::secure_conn_p]
+
+ if {[ad_parameter -package_id [ad_acs_kernel_id] UseReverseProxyP security 0]} {
+ return [expr [string match "https:*" [ad_conn location]] || [string equal "true" [ns_set get [ad_conn headers] X-SSL-Request]]]
+ } else {
+ return [security::secure_conn_p]
+ }
 }
@@ -1331,7 +1343,11 @@
 ad_proc -public security::secure_conn_p {} {
 Returns true if the connection [ad_conn] is secure (HTTPS), or false otherwise.
 } {
- return [string match "https:*" [util_current_location]]
+ if {[string equal [ns_set get [ns_conn headers] "X-SSL-Request"] 1]} {
+ return 1
+ } else {
+ return [string match "https:*" [util_current_location]]
+ }
 }
 ad_proc -public security::RestrictLoginToSSLP {} {
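Review bot: In `ad_secure_conn_p`, the `UseReverseProxyP` branch accepts `X-SSL-Request: true` from any request, and nothing in this hunk ties the header to the proxy. Unless the SSL proxy strips or overwrites a client-supplied `X-SSL-Request` and the backend accepts connections only from the proxy, a plain-HTTP request carrying that header would be reported as secure. The docstring should state that requirement, for example `The proxy must remove any X-SSL-Request header sent by the client, and the server must only be reachable through the proxy.` The same applies to the header test added to `security::secure_conn_p` in the next hunk. The `expr` argument is also unbraced; `expr {[string match ...] || [string equal ...]}` is the usual form.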
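Review bot: `security::secure_conn_p` honours `X-SSL-Request` without consulting `UseReverseProxyP`, so the header is trusted even with no proxy in front, including through the `else` branch of `ad_secure_conn_p` when the parameter is off. It also compares against `1`, while `ad_secure_conn_p` and its docstring use `true`. I would gate the test on the same kernel parameter and settle on whichever value the proxy actually sends: `if {[ad_parameter -package_id [ad_acs_kernel_id] UseReverseProxyP security 0] && [string equal [ns_set get [ns_conn headers] "X-SSL-Request"] 1]} {`. The docstring still describes only the HTTPS check and should mention the header.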
@@ -1490,8 +1506,12 @@
 set secure_location $current_location
 } else {
 # Current location is insecure - get location from config file
- set secure_location [ad_conn location]
- # Prefix with https
+ if {[ad_parameter -package_id [ad_acs_kernel_id] UseReverseProxyP security 0]} {
+ set secure_location $current_location
+ } else {
+ set secure_location [ad_conn location]
+ }
+ # Prefix with https
 regsub {^(?:http://)?} $secure_location {https://} secure_location
 # remove port number if using nonstandard port
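Review bot: The comment `# Current location is insecure - get location from config file` no longer describes the new `UseReverseProxyP` branch, which takes `$current_location` instead of `[ad_conn location]`. `$current_location` is assigned outside this hunk; if it is derived from the request's Host header (not visible here), the HTTPS redirect target becomes client-influenced in proxy mode, so it is worth confirming the value is checked against the configured host names. If the intent is that the configured location is the internal one behind the proxy, a comment on the new branch such as `# Behind a reverse proxy, reuse the externally visible location rather than the configured one` would record that. The enclosing proc starts and ends outside the hunk.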