Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Problems with secure and unsecure Base URL: 302 Redirect Loop
 
hengman
Jr. Member
 
Avatar
Total Posts:  30
Joined:  2008-07-21
 

Hello,

we have an load balancer, which I can access via a https address. the balancer, and some other servers behind, translate the URL to http://127.0.0.1:[port] and access a virtual machine with the Magento installation. If I enter the address http://127.0.0.1:[port] in Magentos secure and unsecure BaseURL Paths, I can access Magento via the https adress, but all Links(JS, CSS) are written with htpp:127.0.0.1:[port]. Apache Module mod_substitude is a possible solution, but it dont work very well together with mod_proxy… If I enter the https adress in Magento BaseURLs, I get a 302 Redirect Loop. Session Validation Settings are all set to No. So, what is the problem?

 
Magento Community Magento Community
Magento Community
Magento Community
 
hengman
Jr. Member
 
Avatar
Total Posts:  30
Joined:  2008-07-21
 

Hello,

i found the error: The loadbalancer terminates https connection, magento is accessed with http protocoll. BaseURL is an https address and secured pages should be used in frontend. Through th termination by the loadbalancer, the request is unsecure(http), but should be secure. So, Magento redirects to the secure BaseURL(https). But this https session is terminated by the loadbalancer again and translated to http. Same case, redirect again, and so on until Redirect Error.

I found a method in app/code/code/Mage/Core/Controller/Varien/Router/Standard.php: _checkShouldBeSecure($request, $path=’’), which causes the error and try to override this method with my own extension, but i dont succeed.

Is it possible to override it with my own extension? I dont want to source out all methods in this Class.

 
Magento Community Magento Community
Magento Community
Magento Community
 
hengman
Jr. Member
 
Avatar
Total Posts:  30
Joined:  2008-07-21
 

Hello,

the problem/solution is described in this post: How to extend Mage_Core_Model_App?

Greetings!

 
Magento Community Magento Community
Magento Community
Magento Community
 
nheinrichs
Jr. Member
 
Total Posts:  10
Joined:  2010-03-10
 

I realize this is an old post, but if you add this code before the `Mage::run...` line at the bottom of `index.php` Magento will not attempt to redirect secure connections that were handled by your load balancer.

I happen to be using Amazon EC2, which uses the X-Forwarded-Proto header, but the same method works for any header (eg, if you set your load balancer to add a “Magento-Secure” header, or whatnot, then you could check for `$_SERVER[’HTTP_MAGENTO_SECURE’]` below):

/**
 * EC2's load balancer sets these for us so we know we're secure,
 *  preventing Magento from performing a redirect loop.
**/
if( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ) {
    $_SERVER[
'HTTPS''on';
    
$_SERVER['SERVER_PORT'443;
}
 
Magento Community Magento Community
Magento Community
Magento Community
 
EE_WebDesign
Jr. Member
 
Avatar
Total Posts:  11
Joined:  2009-03-05
 

Thank you SO much!

This code here just saved my life! wink

nheinrichs - 20 January 2011 06:53 PM

/**
 * EC2's load balancer sets these for us so we know we're secure,
 *  preventing Magento from performing a redirect loop.
**/
if( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ) {
    $_SERVER[
'HTTPS''on';
    
$_SERVER['SERVER_PORT'443;
}
 
Magento Community Magento Community
Magento Community
Magento Community
 
S Macfarlane
Member
 
Avatar
Total Posts:  53
Joined:  2010-10-24
Southampton
 

You should really be setting these values at Apache or Nginx config level if you can as it seems pointless doing it at code level like this.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top