WordPress.org

Ready to get started?Download WordPress

Forums

Force SSL Admin -- Broken in 2.6.1? (5 posts)

  1. windexh8er
    Member
    Posted 5 years ago #

    Just a question, is this broke in 2.6.1? If I enable:

    define(’FORCE_SSL_LOGIN’, true);

    …everything works fine. Obviously I want to always be on HTTPS for administration however, so I also have:

    define(’FORCE_SSL_ADMIN’, true);

    …but when I enable this it breaks everything. If I try to go to ‘mysite.tld/wp-admin’ via HTTP it gets the redirect fine, however if I watch the logs I keep getting back 302 responses from my site until Firefox says there’s a loop and that it will never end so it stops the request.

    I am running 2.6.1 on Ubuntu 8.04.1 with nginx and FastCGI. The only other thing I can think of is that I am using WP Super Cache, but none of the admin pages should be cached based on the default rules. Thoughts?

    Thanks!
    –windexh8er

  2. windexh8er
    Member
    Posted 5 years ago #

    *bump*

    Anyone have this issue?

  3. prattfall
    Member
    Posted 5 years ago #

    I'm having these exact same symptoms with Debian/stable, Apache 2.2 and the php5 module. No idea how to get around it, though. I had the same issue with 2.6.0.

  4. windexh8er
    Member
    Posted 5 years ago #

    Hmmm... *bump* again.

    Anyone else figure this one out??? Looks like it might not be my nginx / fastcgi if others are having the same problem.

    TIA!
    --windexh8er

  5. Peter Butler
    Member
    Posted 5 years ago #

    I recently had a similar problem (although not exactly the same) - maybe the two are related.

    I needed one page of my site secured with ssl - but after I got the cert installed, every time I tried to pull up a page under https:, I ended up in an endless redirect. Upon checking my server logs, it was 302ing back to the same page over and over again.

    It turned out to be my hosts (mediatemple) fault. For some reason, mediatemple appears to append :443 to the end of secured urls - I'm not terribly knowledgeable on how ssl works, so I dont quite get what is going on, but :443 doesnt even show up in the address bar generally - you can only see it if you check your $_SERVER['HTTP_HOST'] (which is used in the redirect function found in wp-includes/canonical.php).

    The solution for me was to add this line at about line 50 in wp-includes/canonical.php:

    $requested_url = str_replace(':443', '', $requested_url);

    If you're not on mediatemple, the problem may not be exactly the same, but you may want to have a look at your $_SERVER['HTTP_HOST'] variable.

    I can't take much credit for this, just as I was resigning myself to a new career flipping burgers, I found this post:

    http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_22969232.html

    Good luck!

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags