#49970 closed defect (bug) (duplicate)
Wrong is_ssl() result
Reported by: | duxabilii | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.4 |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
wp-includes/load.php
function is_ssl
wrong result when use https load proxy as load balancer
posible solution (in my case)
<?php function is_ssl() { if ( isset( $_SERVER['HTTPS'] ) ) { if ( 'on' == strtolower( $_SERVER['HTTPS'] ) ) { return true; } if ( '1' == $_SERVER['HTTPS'] ) { return true; } } elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) { return true; } elseif ( isset( $_SERVER['HTTP_X_FORWARDED_PORT'] ) && ( '443' == $_SERVER['HTTP_X_FORWARDED_PORT'] ) ) { return true; } return false; }
Change History (2)
Note: See
TracTickets for help on using
tickets.
Hi there, welcome to WordPress Trac!
Thanks for the report, we're already tracking this issue in #31288.
This is something that comes up often, but is not something that can be fixed due to the nature of handling client-provided headers, which is what's needed to address the issue. See comment:17:ticket:31288 for more info.
The long and short of it is that this is a server-level configuration issue with reverse proxy web servers. It's not a WordPress issue, and it's not limited to WordPress. There's no need to modify the
is_ssl()
function. You just need to add something along the lines of the following to yourwp-config.php
file:Any proxy configuration is "supported" by WordPress, you just need to remap the
$_SERVER['HTTPS']
server variable based the particular proxy configuration you're using.