Fix "Force HTTPS Redirect" for reverse proxy like Cloudflare
As a web-hosting provider, I would like "Force HTTPS Redirect" option stop creating a redirect loop when the client uses a reverse proxy, so that it will benefit all hosting companies that deal with several different systems like reverse proxy and our customers as well.
When activating the "Force HTTPS Redirect" option in cPanel, the customer's website enters a redirection loop (ERR_TOO_MANY_REDIRECTS). This is because the redirection rule cPanel create does not take X-Forwarded-Proto into account, which is sented by all reverse proxies and is extensively documented.
A simple solution for this would be to just add the rule below along with the existing rule inside /etc/apache2/conf/httpd.conf:
RewriteCond %{HTTP:X-Forwarded-Proto} !httpsAs in the attached image. Simple and effective.
More about it can be read here:
https://aws.amazon.com/pt/premiumsupport/knowledge-center/redirect-http-https-elb/
To reproduce this problem, just use a reverse proxy or Cloudflare with the Flex option enabled and activate the option "Force HTTPS Redirect".
I reproduced this problem with Varnish Cache, Nginx as a proxy, Cloudflare and load balancers.
Replies have been locked on this page!