diff -Nur mod_auth_tkt-2.3.99b1.old/src/mod_auth_tkt.c mod_auth_tkt-2.3.99b1/src/mod_auth_tkt.c --- mod_auth_tkt-2.3.99b1.old/src/mod_auth_tkt.c 2015-07-31 00:12:55.000000000 -0400 +++ mod_auth_tkt-2.3.99b1/src/mod_auth_tkt.c 2016-06-13 01:54:03.994000000 -0400 @@ -1225,6 +1225,7 @@ char *url = location; char *cookie, *back; const char *hostinfo = 0; + char *xproto = 0 ; int port; /* Get the scheme we use (http or https) */ @@ -1243,6 +1244,9 @@ /* Use X-Forward-Host header for host:port info if available */ /* Failing that, use Host header */ hostinfo = apr_table_get(r->headers_in, "X-Forwarded-Host"); + xproto = apr_table_get(r->headers_in, "X-Forwarded-Proto"); + if ( xproto && (strncasecmp(xproto, "http", 4) == 0) ) { + scheme= xproto;} if (! hostinfo) hostinfo = apr_table_get(r->headers_in, "Host"); if (! hostinfo) { /* Fallback to using r->hostname and the server port. This usually