[wp-trac] [WordPress Trac] #15902: is_ssl() Proxy Modification

WordPress Trac wp-trac at lists.automattic.com
Thu Apr 5 23:51:29 UTC 2012 

#15902: is_ssl() Proxy Modification
--------------------------+-----------------------
 Reporter:  ctsonline     |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:
Component:  General       |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+-----------------------
Changes (by gnotaras):

 * status:  closed => reopened
 * resolution:  wontfix =>


Comment:

 I've been talking about this on #wordpress.

 In the following example setup, a secure apache virtualhost (listening on
 192.168.0.200:443) is set to work as a proxy that terminates the SSL
 connection and forwards the unencrypted traffic to the backend server
 running Wordpress, which in this setup is another apache virtualhost
 (listening on 127.0.0.1:8080).

 These apache virtualhosts are used as an example.

 {{{

 <VirtualHost 192.168.0.200:443>

     ServerName example.org:443

     SSLEngine on
     SSLCertificateFile /etc/pki/certs/example.org.crt
     SSLCertificateKeyFile /etc/pki/keys/example.org.key

     # Needs mod_proxy
     ProxyPreserveHost On
     ProxyErrorOverride Off
     ProxyPass / http://127.0.0.1:8080/
     ProxyPassReverse / http://127.0.0.1:8080/

     # Needs mod_headers
     # These headers are passed to the server running WP
     RequestHeader set X-Forwarded-Protocol https
     RequestHeader set X-Forwarded-Ssl on
     RequestHeader set X-Ssl-Is-On key123

 </VirtualHost>


 <VirtualHost 127.0.0.1:8080>
     ServerName example.org:8080
     DocumentRoot /var/www/vhosts/example.org/public_html
     <Directory /var/www/vhosts/example.org/public_html>
         AllowOverride None
         Options FollowSymLinks
         Order allow,deny
         Allow from All
         #
         # Configure it to execute PHP scripts
         #
     </Directory>
 </VirtualHost>

 }}}

 My suggestion is that Wordpress should let the user define a list of
 trusted HTTP headers that wordpress should interpret as "''our proxy has
 sent us a trusted header, so let is_ssl() be True''".

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15902#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list