[wp-trac] [WordPress Trac] #28443: SSL behind a load balancer

WordPress Trac noreply at wordpress.org
Mon Aug 18 02:00:01 UTC 2014

#28443: SSL behind a load balancer
 Reporter:  lracicot      |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:

Comment (by tellyworth):

 I agree with Andrew. There's simply no way to know if X-Forwarded-Proto
 can be trusted, and doing so naively opens the possibility of bugs and

 The only reliable way to fix this is to ensure that the load balancer and
 server config accurately sets the PHP server vars.

Ticket URL: <https://core.trac.wordpress.org/ticket/28443#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list