Make WordPress Core

Opened 20 months ago

Last modified 20 months ago

#57260 new defect (bug)

Static home page redirect error using post name premalinks behind reverse proxy

Reported by: kappe72's profile kappe72 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.1.1
Component: Canonical Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

In a WP site behind a reverse proxy all was working ok.
I then set a static home page and all was still working.
After I set post name permalinks, all pages kept working except home page, which had redirect errors.
After some time spent researching the problem, I found that the problem was on line 69 of wp-includes/canonical.php:

<?php
$requested_url .= $_SERVER['HTTP_HOST'];

Instead of the value in $_SERVER['HTTP_HOST'], the value in $_SERVER['HTTP_X_FORWARDED_HOST'] should be used.
I wonder if that could be definitively fixed changing line 69 of wp-includes/canonical.php with

<?php
$requested_url .= isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];

Change History (2)

#1 follow-up: @SergeyBiryukov
20 months ago

  • Description modified (diff)

Hi there, welcome to WordPress Trac! Thanks for the report.

This appears to be similar to #31288, #40013, #49970 and some other related tickets.

This is something that comes up often, but is not something that can be fixed due to the nature of handling client-provided headers, which is what's needed to address the issue. See comment:17:ticket:31288 for more info.

The long and short of it is that this is a server-level configuration issue with reverse proxy web servers. It's not a WordPress issue, and it's not limited to WordPress. There's no need to modify the redirect_canonical() function.

You just need to add something along the lines of the following code fragment to your wp-config.php file, before the /* That's all, stop editing! Happy publishing. */ comment, that way it won't be overwritten on updates:

if ( isset( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) {
	$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

Any proxy configuration is "supported" by WordPress, you just need to remap the $_SERVER['HTTP_HOST'] server variable based the particular proxy configuration you're using.

#2 in reply to: ↑ 1 @kappe72
20 months ago

Replying to SergeyBiryukov:

Hi there, welcome to WordPress Trac! Thanks for the report.

This appears to be similar to #31288, #40013, #49970 and some other related tickets.

This is something that comes up often, but is not something that can be fixed due to the nature of handling client-provided headers, which is what's needed to address the issue. See comment:17:ticket:31288 for more info.

The long and short of it is that this is a server-level configuration issue with reverse proxy web servers. It's not a WordPress issue, and it's not limited to WordPress. There's no need to modify the redirect_canonical() function.

You just need to add something along the lines of the following code fragment to your wp-config.php file, before the /* That's all, stop editing! Happy publishing. */ comment, that way it won't be overwritten on updates:

if ( isset( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) {
	$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

Any proxy configuration is "supported" by WordPress, you just need to remap the $_SERVER['HTTP_HOST'] server variable based the particular proxy configuration you're using.

Thank you,
editing my wp-config.php is what I already did to solve the issue.
I thought it was WP related, that's why I reported it.
BTW I didn't find any documentation about remapping the $_SERVER['HTTP_HOST'] when behind a reverse proxy.

Note: See TracTickets for help on using tickets.