[wp-trac] [WordPress Trac] #15277: FORCE_SSL_LOGIN or _ADMIN go to death loops when using an load-balancer

WordPress Trac wp-trac at lists.automattic.com
Mon Nov 1 15:07:33 UTC 2010 

#15277: FORCE_SSL_LOGIN or _ADMIN go to death loops when using an load-balancer
-----------------------------+----------------------------------------------
 Reporter:  jackewit         |       Owner:                 
     Type:  feature request  |      Status:  new            
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:  3.0.1          
 Severity:  normal           |    Keywords:  SSL            
-----------------------------+----------------------------------------------
 Dear community,

 first of all, I had to apologize for my english pronunciation. I am not a
 native speaker.

 Now, here is my problem or rather my feature request and patch.

 '''Problem'''

 I use WordPress in an infrastructure with a load-balancer (hardware)
 before two webserver in a dmz and behind the dmz the database server. And
 (that is important) the connections between the load balancer and the
 webserver are always http - not https. The ssl certificate is installed on
 the load balancer. So the https connection is only between the client
 (browser) and the load balancer.

 Now a want to use ssl for login and admin section.

 IF I use FORCE_SSL_ADMIN or _LOGIN I got into a death loop, because:

 1) connection client -> load balancer: https
 2) connection load balancer -> webserver: http
 3) webserver WordPress -> client: reload to https because of FORCE_SSL_*

 4) connection client -> load balancer: https
 5) connection load balancer -> webserver: http
 6) webserver WordPress -> client: reload to https because of FORCE_SSL_*

 7) goto 4 or 1

 '''Feature Request'''

 I want a FORCE_SSL_* light. Something like USE_SSL_* but do not make a
 redirect.

 '''Patch (see attached)'''

 I defined two constants USE_SSL_LOGIN and USE_SSL_ADMIN like the
 FORCE_SSL_* and the functions use_ssl_admin, use_ssl_login like the
 force_ssl_*. And I integrate these functions in the function get_site_url
 in wp-includes/link-template.php

 At my installation, it works.

 It would be great, if you can take over these two config constants.

 I hope I could descriped my problem and solution clearly.

 Great tool ... Iver Jackewitz

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15277>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list