public void ValidateRequestSecurity() { var useSSL = BehaviorsConfiguration.HTTPSecurity == HTTPSecurity.SSL; if (useSSL || ShouldEnforceSecureRequests(AppInfo.GetAppInfo())) { if (!RuntimePlatformUtils.RequestIsSecure(HttpContext.Current.Request, !useSSL)) { throw new ExposeRestException("HTTPS connection required.", HttpStatusCode.Forbidden); } } if (BehaviorsConfiguration.InternalAccessOnly) { if (!RuntimePlatformUtils.InternalAddressIdentification(HttpContext.Current.Request)) { throw new ExposeRestException("Access Denied.", HttpStatusCode.Forbidden); } } }