Redirect loop on wp-login and wp-admin after switching to https:// URLs

  • Lunchbox Larry

    (@lunchbox-larry)


    11 years ago

    Hello folks,

    I’ve been pounding my head against my desk trying to solve this problem. Here’s the deal – When I change the WordPress Address URL to https:// and do the same for the Site Address URL, it throws the wp-login and wp-admin pages into a redirect loop that requires hacking the funtcions.php to force the URL back to http:// to resolve. Let me be more clear… The redirect loop freezes me out of the control panel, and makes me hack my way back in.

    The theme currently being used is JamesClip.

    Now, I have sort of an unusual setup in that I am NOT terminating SSL on the server, but rather at a load balancer upstream. So here’s the overview of the data flow path:

    Public IP address -> Load balancer port 80 or 443 (ssl termination) -> WP server on port 80 or 443 (I’ve tried both)

    So, the SSL termination is not a big deal, I’ve done it many times and it works. When I access the server via its internal IP address, I still get these redirect loops as soon as the URLs are switched to https. It’s just an endless stream of 302s. I’ve of course tried different browsers, and used incognito mode to rule out cookie poisoning. I’ve even tried setting the load balancer to switch the incoming URLs to https. None of it works.

    What do I need to look at to get to the bottom of these redirect loops?

    I’ve seen several other threads on this issue, and I’ve tried modifying .htaccess to no avail.

    Suggestions?

    Thanks very much for your time.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Lunchbox Larry

    (@lunchbox-larry)

    11 years ago

    Well, I never did solve *why* WP is generating redirect loops when forced to serve https URLs, but I did figure out how to get around them by implementing the more complex solution of having the load balancer insert ‘X-Forwarded-Proto: https’

    I then edited the wp-config.php in /var/www/html and added:

    define(‘FORCE_SSL_ADMIN’, true);
    if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
    $_SERVER[‘HTTPS’]=’on’;

    Now all of a sudden, everything just works as it should. It seems like WP is trying to be too clever for its own good. Some script somewhere is defeating the forced https settings, and replying with a http URL, which then gets redirected back to https, ad infinitum.

    Now in order to make my site SSL only, I had to make my load balancer intercept port 80 requests and insert the https:// into the URL, which then forced the traffic through the correct port (443) on the load balancer.

    I don’t understand why WP tries to interfere with URL generation like that when manually set to https, but it does. I’d call that a bug, or at the very least, a severely annoying feature.

    My problem is solved, but I bet that lots of other people without such load balancer flexibility are going to have issues with this.

    TechGeek01

    (@techgeek01)

    11 years ago

    Yeah, I’m at the same problem here. 3.9.6 always has worked, but after an update to 4.2.2, I’m having the same problem with CloudFlare’s SSL cert.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Redirect loop on wp-login and wp-admin after switching to https:// URLs’ is closed to new replies.