Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.

Fix "Force HTTPS Redirect" for reverse proxy like Cloudflare

Rodrigo Gomes shared this idea 13 months ago
Needs Review

As a web-hosting provider, I would like "Force HTTPS Redirect" option stop creating a redirect loop when the client uses a reverse proxy, so that it will benefit all hosting companies that deal with several different systems like reverse proxy and our customers as well.


When activating the "Force HTTPS Redirect" option in cPanel, the customer's website enters a redirection loop (ERR_TOO_MANY_REDIRECTS). This is because the redirection rule cPanel create does not take X-Forwarded-Proto into account, which is sented by all reverse proxies and is extensively documented.


A simple solution for this would be to just add the rule below along with the existing rule inside /etc/apache2/conf/httpd.conf:


RewriteCond %{HTTP:X-Forwarded-Proto} !https
As in the attached image. Simple and effective.


More about it can be read here:

https://aws.amazon.com/pt/premiumsupport/knowledge-center/redirect-http-https-elb/


To reproduce this problem, just use a reverse proxy or Cloudflare with the Flex option enabled and activate the option "Force HTTPS Redirect".

I reproduced this problem with Varnish Cache, Nginx as a proxy, Cloudflare and load balancers.

Leave a Comment
 
Attach a file