#15902 closed defect (bug) (wontfix)
is_ssl() Proxy Modification
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
The current function is_ssl() does not work when using a proxy or load-balanced front end. If possible it would be nice to add
    if ( isset($_SERVER['HTTP_FRONT_END_HTTPS']) )
    {
        if ( 'on' == strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) )
            return true;
        if ( '1' == $_SERVER['HTTP_FRONT_END_HTTPS'] )
            return true;
    }
to the core of that function to ensure that SSL works in this type of environment.
Thanks,
Seth
Change History (4)
#1
@
15 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
#2
@
14 years ago
- Resolution wontfix deleted
- Status changed from closed to reopened
I've been talking about this on #wordpress.
In the following example setup, a secure Apache virtualhost (listening on 192.168.0.200:443) is set to work as a proxy that terminates the SSL connection and forwards the unencrypted traffic to the backend server running WordPress, which in this setup is another Apache virtualhost (listening on 127.0.0.1:8080).
These Apache virtualhosts are used as an example.
<VirtualHost 192.168.0.200:443>
    ServerName example.org:443
    SSLEngine on
    SSLCertificateFile /etc/pki/certs/example.org.crt
    SSLCertificateKeyFile /etc/pki/keys/example.org.key
    # Needs mod_proxy
    ProxyPreserveHost On
    ProxyErrorOverride Off
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    # Needs mod_headers
    # These headers are passed to the server running WP
    RequestHeader set X-Forwarded-Protocol https
    RequestHeader set X-Forwarded-Ssl on
    RequestHeader set X-Ssl-Is-On key123
</VirtualHost>
<VirtualHost 127.0.0.1:8080>
    ServerName example.org:8080
    DocumentRoot /var/www/vhosts/example.org/public_html
    <Directory /var/www/vhosts/example.org/public_html>
        AllowOverride None
        Options FollowSymLinks
        Order allow,deny
        Allow from All
        #
        # Configure it to execute PHP scripts
        #
    </Directory>
</VirtualHost>
My suggestion is that WordPress should let the user define a list of trusted HTTP headers that WordPress should interpret as "our proxy has sent us a trusted header, so let is_ssl() be True".
#3
@
14 years ago
- Resolution set to wontfix
- Status changed from reopened to closed
Instead of registering anything with WordPress (which is problematic, because plugins are loaded after we will want to know), just put something like this in your wp-config.php file to update $_SERVER with correct information: http://core.trac.wordpress.org/ticket/9235#comment:40.
HTTP_FRONT_END_HTTPS isn't standard. We don't have support for this in core -- see #15733 and many other tickets.
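One way the wp-config.php approach from comment #3 could look for the proxy setup in comment #2, as an added example that is neither WordPress core code nor the snippet from the linked comment. It assumes the proxy reaches the backend from 127.0.0.1 and sets the three headers shown in that vhost; `example_request_was_https()` is a hypothetical helper name.

```php
<?php
// Added example for wp-config.php. Not WordPress core code, not the linked snippet.
// Assumptions: the proxy connects from 127.0.0.1 and sets the headers from the
// comment #2 vhost; example_request_was_https() is a hypothetical helper name.

function example_request_was_https( array $server, array $trusted_proxies, $shared_key ) {
    // TLS terminated on this server: the value is_ssl() already understands.
    $https = isset( $server['HTTPS'] ) ? strtolower( $server['HTTPS'] ) : '';
    if ( 'on' === $https || '1' === $https ) {
        return true;
    }
    // Forwarded headers are client-controlled unless the peer is our proxy.
    $peer = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';
    if ( ! in_array( $peer, $trusted_proxies, true ) ) {
        return false;
    }
    // Shared-secret header (X-Ssl-Is-On), compared in constant time.
    $sent = isset( $server['HTTP_X_SSL_IS_ON'] ) ? (string) $server['HTTP_X_SSL_IS_ON'] : '';
    if ( ! hash_equals( $shared_key, $sent ) ) {
        return false;
    }
    $proto = isset( $server['HTTP_X_FORWARDED_PROTOCOL'] )
        ? strtolower( $server['HTTP_X_FORWARDED_PROTOCOL'] ) : '';
    $ssl = isset( $server['HTTP_X_FORWARDED_SSL'] )
        ? strtolower( $server['HTTP_X_FORWARDED_SSL'] ) : '';
    return 'https' === $proto || 'on' === $ssl;
}

// Normalise $_SERVER before WordPress loads, so is_ssl() sees HTTPS = on.
if ( example_request_was_https( $_SERVER, array( '127.0.0.1' ), 'key123' ) ) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed requests, evaluated only when this file is run from the CLI.
if ( 'cli' === PHP_SAPI ) {
    $headers = array(
        'HTTP_X_FORWARDED_PROTOCOL' => 'https',
        'HTTP_X_SSL_IS_ON'          => 'key123',
    );
    $via_proxy = $headers + array( 'REMOTE_ADDR' => '127.0.0.1' );
    $direct    = $headers + array( 'REMOTE_ADDR' => '203.0.113.9' );
    var_dump( example_request_was_https( $via_proxy, array( '127.0.0.1' ), 'key123' ) );
    var_dump( example_request_was_https( $direct, array( '127.0.0.1' ), 'key123' ) );
}
```

The peer-address check matters whenever the backend is reachable by anything other than the proxy; `RequestHeader set` on the proxy replaces any client-supplied copy of these headers, but it cannot protect a request that bypasses the proxy.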