id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 31288,IS_SSL should check return true for SSL Terminated load balancing,bretterer,,"With cloud load balancing and load balancing in general, the option to do ssl termination at the load balancer and sending all traffic between the LB and nodes over plain http will cause issues with some WordPress Installs and Plugins. When you rely on is_ssl() to determine if you are secure so you can forward to secure site if you are not, it does not work on ssl terminated load balancing. The suggestion to do this in a server side configuration is not always an option but may still need to be used. My suggestion is we add a single check in the is_ssl function of checking the de facto standard for identifying the originating protocol of an HTTP request. By relying on the HTTP_X_FORWARDED_PROTO for this case is very standard on the internet today to test if your application should respond like it was coming from an https request. References for the standard http://tools.ietf.org/html/rfc7239 http://docs.rackspace.com/loadbalancers/api/v1.0/clb-devguide/content/SSLTermination-d1e2479.html http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#cite_ref-15 ",defect (bug),closed,normal,,Security,2.6,normal,wontfix,has-patch,,