Skip to content
Permalink
Browse files

Improve checking the use of SSL

Servers that are behind a proxy will always have `%{HTTPS} === off`.
To prevent infinite redirect loops in this scenario this commit adds a
check on the
[X-Forwarded-Proto](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto)
header before defaulting back to the `%{HTTPS}` check. This should cover
about 99% of possible htaccess/ssl related scenarios.
  • Loading branch information...
StijnVrolijk committed Mar 27, 2019
1 parent b660d40 commit f79fa172387e0b4467c950d76995cbfca28564fd
Showing with 2 additions and 1 deletion.
  1. +2 −1 .htaccess
@@ -80,7 +80,8 @@ deny from env=stayout
# <IfModule headers_module> # <IfModule headers_module>
# Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS # Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
# </IfModule> # </IfModule>
# RewriteCond %{HTTPS} !=on # RewriteCond %{HTTP:X-Forwarded-Proto} !https
# RewriteCond %{HTTPS} off
# RewriteCond %{HTTP_HOST} !.*\.dev [NC] # RewriteCond %{HTTP_HOST} !.*\.dev [NC]
# RewriteCond %{HTTP_HOST} !.*localhost(:\d+)?$ [NC] # RewriteCond %{HTTP_HOST} !.*localhost(:\d+)?$ [NC]
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

0 comments on commit f79fa17

Please sign in to comment.
You can’t perform that action at this time.