• Hello,

    Firstly, thanks for the great plugin. It works very well under standard conditions.

    Today I encountered a use case where I was not able to use it:
    Wordpress installation on AWS behind an ELB (load balancer), which hosts SSL.

    I had to manually configure the following in the wp-config.php
    if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
    $_SERVER[‘HTTPS’]=’on’;

    This comes from:
    define(‘FORCE_SSL_ADMIN’, true);
    define(‘FORCE_SSL_LOGIN’, true);
    if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
    $_SERVER[‘HTTPS’]=’on’;

    It would be great to add that support to the plugin.

    http://wordpress.org/plugins/better-wp-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi togume

    I have a similar set-up but find that trying to enforce per content ssl (just for a couple of pages) results in a persistent redirect loop for those pages.

    Admin & login via ssl works as expected.

    Have you come across this problem yourself – or does everything work as expected for you? It would be nice to be able to just ‘tick the box’ and secure the page but it just doesn’t work for me.

    Thread Starter togume

    (@togume)

    No. My use case was only about Login & Admin, but I was not able to do so with just a checkbox.

    However, in our case, we’re also using load balanced web-servers without a shared filesystem. This means that a plugin like this one will modify a single wp-config.php, and the other one will be orphaned (resulting in funky behavior).

    In your case, I would suggest you add the same lines as above, and install the plugin. With the:

    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS']='on';

    you should be able to get past the issue.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Enable HTTP_X_FORWARDED_PROTO for Reverse Proxy/Load Balancers’ is closed to new replies.