FORCE_SSL_LOGIN or _ADMIN go to death loops when using an load-balancer
|Reported by:||jackewit||Owned by:|
first of all, I had to apologize for my english pronunciation. I am not a native speaker.
Now, here is my problem or rather my feature request and patch.
I use WordPress in an infrastructure with a load-balancer (hardware) before two webserver in a dmz and behind the dmz the database server. And (that is important) the connections between the load balancer and the webserver are always http - not https. The ssl certificate is installed on the load balancer. So the https connection is only between the client (browser) and the load balancer.
Now a want to use ssl for login and admin section.
IF I use FORCE_SSL_ADMIN or _LOGIN I got into a death loop, because:
1) connection client -> load balancer: https
2) connection load balancer -> webserver: http
3) webserver WordPress -> client: reload to https because of FORCE_SSL_*
4) connection client -> load balancer: https
5) connection load balancer -> webserver: http
6) webserver WordPress -> client: reload to https because of FORCE_SSL_*
7) goto 4 or 1
I want a FORCE_SSL_* light. Something like USE_SSL_* but do not make a redirect.
Patch (see attached)
I defined two constants USE_SSL_LOGIN and USE_SSL_ADMIN like the FORCE_SSL_* and the functions use_ssl_admin, use_ssl_login like the force_ssl_*. And I integrate these functions in the function get_site_url in wp-includes/link-template.php
At my installation, it works.
It would be great, if you can take over these two config constants.
I hope I could descriped my problem and solution clearly.
Great tool ... Iver Jackewitz
Change History (8)
- Keywords needs-patch added; SSL removed
- Milestone changed from Awaiting Review to Future Release
- Type changed from feature request to enhancement