WordPress + CloudFront Flexible SSL ends up in redirect loop (https)

wordpress ssl cloudflare
12,220

Solution 1

This is due to the fact that CloudFlare's Flexible SSL operates as a reverse proxy and connects to the WordPress installation via http. Wordpress thinks you're connecting via http and does a redirect to the https resource. The browser requests the https resource from CloudFlare and CloudFlare again requests the resource over http from the WordPress server, resulting in another redirect.

Fortunately there's a solution. CloudFlare sends an http header X-FORWARDED-PROTO that is the protocol used in the connection from the browser to the CloudFlare server. We can use this to tell WordPress that even though the request is happening over http, the link to the browser is over https.

In the wp-config.php file add the following line:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';

It's also crucial that the above line comes before the following line:

require_once(ABSPATH . 'wp-settings.php');

After making that modification the redirect loop will stop and you'll be able to use the admin again.

This ultimately applies to all reverse proxy servers, not just CloudFlare.

Solution 2

In my case we getting this problem because I configure CloudFront origin incorrect.

cloudfront-> origin -> Origin Protocol Policy -> Match Viewer

after this setting my website working fine

Share:
12,220

Related videos on Youtube

Daniel
Author by

Daniel

I love the crossroads of software & marketing (ad-tech). Also interested in Bitcoin. Feel free to reach out to me at [email protected] These days I spend most of my time developing in Node.js.

Updated on June 11, 2022

Comments

  • Daniel
    Daniel about 2 years

    Having problems accessing the admin over https when it's setup behind CloudFront Flexible SSL.

    The admin works fine when accessing over http, but as soon as I change to secure https it ends up in a redirect loop.

    I'm adding the following line to wp-config.php to force SSL in the admin.

    define('FORCE_SSL_ADMIN', true);
  • Altryne
    Altryne over 8 years
    Thank you! the crucial part for me is putting it ABOVE require_once(ABSPATH . 'wp-settings.php');
  • user967710
    user967710 about 3 years
    In my case, that didn't fix the problem - then I realized I also needed to invalidate the cloudfront, because it had cached that 301

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cloudflare flexible SSL and redirects
Wordpress - Sorry, you are not allowed to edit this item
Clearing cache with CloudFlare?
Nginx Nextcloud too many redirects
Why I have set HTTP_X_FORWARDED_PROTO and unset HTTPS on Apache 2.4?
Wordpress behind nginx reverse proxy doesnt work in https
getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH on nginx webserver via cloudflare
enabling ssl connection from wordpress to mysql
SSL23_GET_SERVER_HELLO:unknown protocol when trying to access HTTPS URL
Can I use the same SSL certificate on the CDN and the origin