id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
15277	FORCE_SSL_LOGIN or _ADMIN go to death loops when using an load-balancer	jackewit		"Dear community,

first of all, I had to apologize for my english pronunciation. I am not a native speaker.

Now, here is my problem or rather my feature request and patch.

'''Problem'''

I use WordPress in an infrastructure with a load-balancer (hardware) before two webserver in a dmz and behind the dmz the database server. And (that is important) the connections between the load balancer and the webserver are always http - not https. The ssl certificate is installed on the load balancer. So the https connection is only between the client (browser) and the load balancer.

Now a want to use ssl for login and admin section.

IF I use FORCE_SSL_ADMIN or _LOGIN I got into a death loop, because:

1) connection client -> load balancer: https
2) connection load balancer -> webserver: http
3) webserver WordPress -> client: reload to https because of FORCE_SSL_*

4) connection client -> load balancer: https
5) connection load balancer -> webserver: http
6) webserver WordPress -> client: reload to https because of FORCE_SSL_*

7) goto 4 or 1

'''Feature Request'''

I want a FORCE_SSL_* light. Something like USE_SSL_* but do not make a redirect.

'''Patch (see attached)'''

I defined two constants USE_SSL_LOGIN and USE_SSL_ADMIN like the FORCE_SSL_* and the functions use_ssl_admin, use_ssl_login like the force_ssl_*. And I integrate these functions in the function get_site_url in wp-includes/link-template.php

At my installation, it works.

It would be great, if you can take over these two config constants.

I hope I could descriped my problem and solution clearly.

Great tool ... Iver Jackewitz"	enhancement	new	normal	Future Release	Security	3.0.1	normal		needs-patch