Skip to:
Content
Pages
Categories
Search
Top
Bottom

Infinite Redirect Problem with SSL at Network Solutions

  • We have our bbPress forum hosted at Network Solutions [unfortunately]. When we activated SSL in bbPress, any SSL-secured page would immediately go into an infinite redirect loop to itself. After a little PHP debugging, I determined that the cause was two-fold:

    1. $_SERVER does not exist, for some reason, at NetSol.

    2. $_SERVER always returns 80 at NetSol, even when accessing the site via https. It should return 443.

    This causes the two conditions in the is_ssl() function to fail, so the function incorrectly returns false. When the secured page redirects itself from http to https, bbPress still thinks it’s an unsecured page and redirect back to itself again… and again… and again.

    We had no choice but to hack the core, which is bad because it will get overwritten when we upgrade bbPress. is_ssl() resides in /bb-includes/backpress/functions.core.php. I added a condition to simply look at the scheme of the URI and return ‘true’ if it is ‘https’.

    I added this line to the first line of the function:

    $uri_ssl = parse_url(bb_get_option('uri_ssl'));

    Then this add’l elseif condition:

    } elseif ($uri_ssl == 'https') {

    // Hack to support NetSol's questionable setup.

    return true;

    }

    Has anyone else ever experienced this at NetSol?

Viewing 2 replies - 1 through 2 (of 2 total)
  • I heard back from Network Solutions about this issue. Their response was basically:

    Our SSL proxy doesn’t allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds (newer technology browsers such as Firefox will detect this loop almost immediately and give up before 30 seconds). We cannot change this setting on our servers.

    There is a 2nd paragraph with their recommended workaround, which is similar to my approach above of looking for ‘https:’ in the scheme of the URL.

    I’m going to see if the bbPress developers would include the above code in their core. Seems like a worthwhile addition, or maybe they are aware of this and intentionally do not include it for various reasons.


    chrishajer
    Participant

    @chrishajer

    “We cannot change this setting on our servers.”

    I think they mean:

    “We will not change this setting on our servers.”

    Maybe you could do it with mod_rewrite?

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.