#15902 closed defect (bug) (wontfix)
is_ssl() Proxy Modification
Reported by: | ctsonline | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
The current function is_ssl() does not work when using a proxy or load-balanced front end. If possible it would be nice to add

```php
if ( isset($_SERVER['HTTP_FRONT_END_HTTPS']) ) {
    if ( 'on' == strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) )
        return true;
    if ( '1' == $_SERVER['HTTP_FRONT_END_HTTPS'] )
        return true;
}
```

to the core of that function to ensure that SSL works in this type of environment.
Thanks,
Seth
Change History (4)
#1
14 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
#2
12 years ago
- Resolution wontfix deleted
- Status changed from closed to reopened
I've been talking about this on #wordpress.
In the following example setup, a secure Apache virtualhost (listening on 192.168.0.200:443) is set to work as a proxy that terminates the SSL connection and forwards the unencrypted traffic to the backend server running WordPress, which in this setup is another Apache virtualhost (listening on 127.0.0.1:8080).
These Apache virtualhosts are used as an example.
```apache
<VirtualHost 192.168.0.200:443>
    ServerName example.org:443
    SSLEngine on
    SSLCertificateFile /etc/pki/certs/example.org.crt
    SSLCertificateKeyFile /etc/pki/keys/example.org.key

    # Needs mod_proxy
    ProxyPreserveHost On
    ProxyErrorOverride Off
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Needs mod_headers
    # These headers are passed to the server running WP
    RequestHeader set X-Forwarded-Protocol https
    RequestHeader set X-Forwarded-Ssl on
    RequestHeader set X-Ssl-Is-On key123
</VirtualHost>

<VirtualHost 127.0.0.1:8080>
    ServerName example.org:8080
    DocumentRoot /var/www/vhosts/example.org/public_html
    <Directory /var/www/vhosts/example.org/public_html>
        AllowOverride None
        Options FollowSymLinks
        Order allow,deny
        Allow from All
        #
        # Configure it to execute PHP scripts
        #
    </Directory>
</VirtualHost>
```
My suggestion is that WordPress should let the user define a list of trusted HTTP headers that WordPress should interpret as "our proxy has sent us a trusted header, so let is_ssl() be True".
#3
12 years ago
- Resolution set to wontfix
- Status changed from reopened to closed
Instead of registering anything with WordPress (which is problematic, because plugins are loaded after we will want to know), just put something like this in your wp-config.php file to update $_SERVER with correct information: http://core.trac.wordpress.org/ticket/9235#comment:40.
HTTP_FRONT_END_HTTPS isn't standard. We don't have support for this in core -- see #15733 and many other tickets.
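
One way to apply the wp-config.php approach from the last comment to the example proxy setup in comment 2, written as an added example: it is not the code from the linked ticket comment and not WordPress core code. The helper name `example_front_end_is_https` is hypothetical, and the trusted proxy address 127.0.0.1, the header names and the `key123` value are taken from that example configuration.

```php
<?php
// Added example for wp-config.php, placed before wp-settings.php is loaded.
// Not WordPress core code. Assumptions: the TLS-terminating proxy connects
// from 127.0.0.1 and sets the headers shown in comment 2's example config.

/**
 * Hypothetical helper: true only when the direct peer is a trusted proxy
 * and that proxy asserted HTTPS through the headers it sets.
 */
function example_front_end_is_https( array $server, array $trusted_proxies, $shared_key ) {
    $remote = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
    // Forwarded headers are client-controllable unless the peer is our proxy.
    if ( ! in_array( $remote, $trusted_proxies, true ) ) {
        return false;
    }
    // Shared value the proxy sets (X-Ssl-Is-On), compared in constant time.
    $key = isset( $server['HTTP_X_SSL_IS_ON'] ) ? (string) $server['HTTP_X_SSL_IS_ON'] : '';
    if ( ! hash_equals( (string) $shared_key, $key ) ) {
        return false;
    }
    $proto = isset( $server['HTTP_X_FORWARDED_PROTOCOL'] ) ? strtolower( $server['HTTP_X_FORWARDED_PROTOCOL'] ) : '';
    $ssl   = isset( $server['HTTP_X_FORWARDED_SSL'] ) ? strtolower( $server['HTTP_X_FORWARDED_SSL'] ) : '';
    return 'https' === $proto || 'on' === $ssl;
}

if ( example_front_end_is_https( $_SERVER, array( '127.0.0.1' ), 'key123' ) ) {
    // is_ssl() reads $_SERVER['HTTPS'], so it now reports true.
    $_SERVER['HTTPS'] = 'on';
}

// Constructed sample requests, evaluated only from the command line.
if ( 'cli' === PHP_SAPI ) {
    $via_proxy = array(
        'REMOTE_ADDR'               => '127.0.0.1',
        'HTTP_X_FORWARDED_PROTOCOL' => 'https',
        'HTTP_X_SSL_IS_ON'          => 'key123',
    );
    // Same headers, but sent straight to the backend by another host.
    $direct = array( 'REMOTE_ADDR' => '203.0.113.7' ) + $via_proxy;
    var_dump( example_front_end_is_https( $via_proxy, array( '127.0.0.1' ), 'key123' ) );
    var_dump( example_front_end_is_https( $direct, array( '127.0.0.1' ), 'key123' ) );
}
```

The header checks are only as trustworthy as the network path: this relies on the backend accepting connections solely from the proxy, as the 127.0.0.1:8080 binding in comment 2 does, and on the proxy overwriting these headers with `RequestHeader set` so client-supplied values never reach the backend.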