Magento HTTPS Redirect Loop

So you’ve enabled HTTPS in your store and suddenly you are faced with a redirect loop. In versions prior to 1.6.2.0, Magento could only detect HTTPS by checking the $_SERVER['HTTPS'] variable set by Apache.

In ./lib/Zend/Controller/Request/Http.php, the HTTPS sanity check inspects the contents of the HTTPS environment variable; only if it is set to ‘on’ is the request classed as HTTPS.

return ($this->getServer('HTTPS') == 'on') ? self::SCHEME_HTTPS : self::SCHEME_HTTP;

There are also some other checks within ./app/code/core itself, which include a case-insensitive check of ‘on’ or ‘On’. However, when the SSL Offload field was added in 1.6.2.0, support for varying cases of ‘on/On’ was broken, so people are back to hitting redirect loops again.

The best solution

Change your hosting to Sonassi Hosting, seriously, we eat-sleep-breathe Magento and specialise in high performance Magento Hosting. Whether you have got 1,000 visitors a day or 230,000 visitors per day – we have got the right Magento hosting solution for you. Speak to Sonassi Hosting, the Magento Hosting specialists.

The solution (for Apache)

Add this to your ./.htaccess file

############################################
## Case sensitivity fix for Magento 1.6.2.0
SetEnvIf HTTPS On HTTPS=on

The solution (for Nginx, Lighttpd, Varnish or any other reverse proxy to Apache)

Add this to your ./.htaccess file

############################################
## Nginx proxy HTTPS fix for Magento 1.6.2.0
SetEnvIf X-Forwarded-Proto https HTTPS=on

And if you are using Nginx

Open up your virtualhost config for the domain, and within the location handler for the index.php bootstrap, add

location ... {
  fastcgi_param  HTTPS on;
}

The solution (for Nginx, when reverse proxying to Nginx)

If you are unwrapping SSL with another application (e.g. Pound or Stunnel) and then passing the request back to Nginx, you’ll need to make Nginx aware of the SSL state using whatever header has been set further up the chain. In our case, we’ve set X_FORWARDED_PROTO.

So in your server declaration in Nginx, add some testing logic

server ... {
  set $my_http "http";
  set $my_ssl "off";
  set $my_port "80";

  if ($http_x_forwarded_proto = "https") {
    set $my_http "https";
    set $my_ssl "on";
    set $my_port "443";
  }
}

Then within the location handler, you can dynamically set the HTTPS state

location ... {
  fastcgi_param  HTTPS $my_ssl;
}
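
The checks discussed in this post, as an added PHP example (not Magento or Zend code): a case-insensitive test of HTTPS, plus X-Forwarded-Proto honoured only when the connection comes from a known proxy, since any client can send that header. The function name detect_scheme, the $trustedProxies list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example: not Magento or Zend Framework code.
// detect_scheme() and $trustedProxies are hypothetical names.

/**
 * Decide whether the request arrived over HTTPS.
 *
 * @param array $server         Typically $_SERVER.
 * @param array $trustedProxies IPs of the SSL terminators allowed to set X-Forwarded-Proto.
 * @return string 'https' or 'http'
 */
function detect_scheme(array $server, array $trustedProxies = array())
{
    // 1. Native flag set by the web server or FastCGI layer. Compare
    //    case-insensitively so 'on', 'On' and 'ON' are all accepted.
    $https = isset($server['HTTPS']) ? strtolower(trim((string) $server['HTTPS'])) : '';
    if ($https === 'on') {
        return 'https';
    }

    // 2. Forwarded header: a client can send it too, so honour it only when
    //    the direct peer (REMOTE_ADDR) is one of our own proxies.
    $peer  = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    $proto = isset($server['HTTP_X_FORWARDED_PROTO'])
        ? strtolower(trim((string) $server['HTTP_X_FORWARDED_PROTO']))
        : '';
    if ($proto === 'https' && in_array($peer, $trustedProxies, true)) {
        return 'https';
    }

    return 'http';
}

// Constructed sample requests (not real traffic); 10.0.0.5 stands in for the proxy.
$samples = array(
    'native HTTPS=On'         => array('HTTPS' => 'On', 'REMOTE_ADDR' => '203.0.113.7'),
    'header via known proxy'  => array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'),
    'header sent by a client' => array('REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'),
    'native HTTPS=off'        => array('HTTPS' => 'off', 'REMOTE_ADDR' => '203.0.113.7'),
);

foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, detect_scheme($server, array('10.0.0.5')));
}
```
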
  • njwrigley

    Hi there,

    I’m having exactly this issue with 1.6.2.0.

    I tried your .htaccess solution, but this did not work for me.

    Following the advice here:
    http://www.magentocommerce.com/boards/26245/viewthread/276027/#t380041

    I have altered:
    lib/Zend/Controller/Request/Http.php (line 1013)

    thus:
    public function getScheme()
    {
        //return ($this->getServer('HTTPS') == 'on') ? self::SCHEME_HTTPS : self::SCHEME_HTTP;
        return ($_SERVER['HTTPS'] === null) ? self::SCHEME_HTTPS : self::SCHEME_HTTP;
    }

    I know that this is a really bad idea, modifying core Zend files, but this solution works. I was wondering though if you can see any obvious pitfalls with this approach.

    Thanks,

    Nathan.

  • Rufinus

    Thanks, this helped me a lot. Now Nginx runs magento with HTTPS without this nasty loop.

  • Sharif Sayfulloev

    Hey guys, thanks for such brilliant information. I’d like to add my 50 cents

    I have nginx as reverse proxy for apache

    I’ve tried to add your advice to .htaccess, but it didn’t work. After some googling I found a solution here: http://habrahabr.ru/post/142363/

    1. In Nginx vhost config add this:

    server {

    location / {

    proxy_set_header X-Forwarded-Proto $scheme;

    }

    }

    2. In Apache vhost config add this:

    ServerName http://www.blabla.com

    SetEnvIf X-Forwarded-Proto https HTTPS=on

    3. (debian) /etc/init.d/apache2 restart
    /etc/init.d/nginx restart

    That’s it! This is how I’ve fixed the infinite redirect loop on my website.

    thanks
    Sharif

  • Lee

    Thank you thank you!!

  • Jessica Kafor

    You’re amazing, works with the latest Magento version, thank you.