#34298 closed defect (bug) (duplicate)
Amazon LB SSL / HTTP_X_FORWARDED_PROTO
Reported by: | OskHa | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
extend is_ssl() method. Otherwise its not working with SSL over loadbalancer.
function is_ssl() { if ( isset($_SERVER['HTTPS']) ) { if ( 'on' == strtolower($_SERVER['HTTPS']) ) return true; if ( '1' == $_SERVER['HTTPS'] ) return true; } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) { return true; } if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) { return true; } return false; }
Change History (7)
#1
@
9 years ago
- Component changed from HTTP API to General
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
- Version 4.3.1 deleted
#3
@
9 years ago
I'm not sure if this helps or not .. we run behind several proxies as well and set this in wp-config.php to handle inconsistencies how SSL is handled in WP Core.
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $_SERVER['HTTPS']='on'; }
#4
follow-up:
↓ 5
@
9 years ago
yes, but its "dirty".
If someone likes it, here is the complete solution.
function additionalHttpsCheck () { if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) { $_SERVER['HTTPS'] = "on"; $_SERVER['SERVER_PORT'] = '443'; } is_ssl(); } add_action ( 'init', 'additionalHttpsCheck', 1 );
#5
in reply to:
↑ 4
;
follow-up:
↓ 7
@
9 years ago
Replying to OskHa:
yes, but its "dirty".
It's worth pointing out that this isn't "dirty". This is literally the correct solution in order to add support for non-standard HTTP headers such as X_FORWARDED_PROTO
which are sent as a result of using a reverse proxy, irrespective of whether you're using WordPress or not.
Also, there's no need for that code to be placed in an init
callback (and will cause issues for code that uses URL functions prior to that hook). It should go directly in your wp-config.php
file (minus the unnecessary call to is_ssl()
.
#6
@
9 years ago
No offense taken.. it's also good to point out that you should have your reverse proxy servers remove the X_FORWARDED_PROTO headers and re-add them such that you can trust the values coming from your proxy servers; as noted in a few other comments on other tickets.
#7
in reply to:
↑ 5
@
9 years ago
Replying to johnbillion:
the is_ssl()
should not be there, bad copy/paste.
I describe that as dirty
only because you dont want to have all done in wp-config which is in .gitignore or have limited access to provisioned environment.
Replying to jasonheffner :
Yes its true. im just writing about some special case, which is for me AWS and the way i receive headers from the LB.
Hello OskHa, welcome to Trac.
Thanks for your report, it's something that comes up often:
Please take a look at #31288 which provides information on how to solve this for your environment.