?
avatar bpeterson69
bpeterson69
20 Sep 2015

Steps to reproduce the issue

Install Joomla (tested version was Joomla 3.4.4) on an OS X Server running Server 5.0.3. Set Joomla to Force SSL on entire site.

Expected result

All pages on the site should load via SSL

Actual result

No page will load and the browser reports 'Too Many Redirects'

System information (as much as possible)

Mac Pro Server Running OS X 10.10.5 with Server 5.0.3 installed. Joomla 3.4.4, MySQL 5.6.22, PHP version 5.5.27, Apache 2.4.16.

Additional comments

Apple setup apache in Server 5.0.3 as a Reverse Proxy. With Joomla set to force SSL, the client would connect to the proxy and the proxy would forward the request to the Joomla site. Joomla would check $_SERVER['HTTPS'] to verify if the connection was over SSL. With the Apache Reverse Proxy, the variable $_SERVER['HTTPS'] doesn't exist so Joomla would assume that the connection was not SSL so it would redirect the user to SSL. The client would now connect to the proxy via SSL. Again, the proxy would send the request to the Joomla site and again, Joomla would check $_SERVER['HTTPS'] and find the variable didn't exist and assume the client was coming in as non SSL and redirect them. This continues until the browser gives up and and gives the error 'Too Many Redirects'. After researching the Apache Reverse Proxy (and others) I determined that the proxy sends the variable $_SERVER['HTTP_X_FORWARDED_PROTO'] to indicate SSL (the value in the variable for SSL is 'https'). To solve the issue, I edited the uri.php file in 'libraries/joomla/uri' and at line 66 I changed this:

if ((isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')))

to this:

if ((isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) ||
    (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) != 'off')))

Now Joomla checks $_SERVER['HTTPS'] and $_SERVER['HTTP_X_FORWARDED_PROTO'] to validate if the client is connecting via SSL. This has solved the problem on the Joomla sites I am hosting. If I see other side effects moving forward, I will post them.

Votes

# of Users Experiencing Issue
5/5
Average Importance Score
4.20

avatar bpeterson69 bpeterson69 - open - 20 Sep 2015
avatar brianteeman
brianteeman - comment - 8 May 2016

Hi you created this issue sometime ago but have not provided any code for people to evaluate. As no one else has shown any interest in providing the code and you have not then I am closing this issue at this time. If code is provided (a pull request) it can always be re-examined.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7916.

avatar brianteeman
brianteeman - comment - 8 May 2016

Hi you created this issue sometime ago but have not provided any code for people to evaluate. As no one else has shown any interest in providing the code and you have not then I am closing this issue at this time. If code is provided (a pull request) it can always be re-examined.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7916.

avatar brianteeman brianteeman - close - 8 May 2016
avatar brianteeman brianteeman - change - 8 May 2016
Status New Closed
Closed_Date 0000-00-00 00:00:00 2016-05-08 17:09:31
Closed_By brianteeman
avatar brianteeman brianteeman - close - 8 May 2016
avatar ableanswers
ableanswers - comment - 8 Jun 2016

The example code is kindly specified above by line number, in place of pre--- & post+++ change notation.

The issue raised is more frequent than suggested.

Test latest Joomla using CloudFlare and enable their SSL. Put the debugger on and review your site in HTTPS and you will see the lockups + database down issues with too many redirects = refused connection in some MySQL configs. Circular hits are throttled at the database connection level on some servers or the browser stops on multiple redirects. Also see the page reference javascript code being rejected then make this change to core as suggested ... (sorry folks, core change not recommended but to prove a point).

CloudFlare + SSL works after applying this amendment.

My site now runs in CloudFlare SSL: https://broadbandwithoutaphoneline.com/

SSL "free as in beer..."

My thanks to bpeterson69.

Anton


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7916.

avatar brodave
brodave - comment - 10 Oct 2016

Fixed the issue for me on J 3.6.2, also when using Cloudflare free SSL. Clearly something that needs implemented.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/7916.

avatar ableanswers
ableanswers - comment - 31 Jan 2017

Not fixed in 3.6.5 so re-apply patch.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/7916.

avatar hamlingordon
hamlingordon - comment - 5 Apr 2017

I've been having this problem for over a year know luckily the above patch works perfectly


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/7916.

avatar ableanswers
ableanswers - comment - 5 Apr 2017

Don't forget to check for this going into core Joomla.

If you take a look above you can see that it was aborted as a Joomla bug problem to solve.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/7916.

Add a Comment

Login with GitHub to post a comment