Hello, after upgrading to server 5.0.3 I am getting a "Too many redirects" error on just my https pages. The http pages work just fine still. Anyone have ideas? Thanks!
Xserve, OS X Server
Are you using a self-signed certificate to secure the server?
I'm using the default certificate (local development). After upgrading both I and another developer are receiving this message.
This is in my htaccess to enforce SSL. Without it the site loads (non-https) with it I get too many redirects. It worked fine under v4 and it works on our CentOS server.
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Thanks! These were endless loops on pages that were already on HTTPS. I actually just got it figured out for my case, I use Perl and the $ENV variables changes with this last update. $ENV{HTTPS} is no longer a value on my server, I did find the new $ENV{HTTP_X_FORWARDED_PROTO} value which should be set to 'https' so I am verifying my scripts that way now. I originally thought this was something to do with mod_rewrite. Took a long time to track it down. Thanks again for your help!
spjonez,
I'm having the same problem. I've got a real certificate, but web SSL was working before upgrading from Server 4.x to 5.0.3.
I have a .htaccess file to redirect HTTP users immediately to HTTPS. Among other things in it, it has (for that purpose);
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,NE,L]
That was working under Server 4, but now perhaps it's still redirecting after it's already redirected to HTTPS.
Did you solve your problem?
Did you understand what MacGuyDVD did, as we'd need to apply for .htaccess use?
Troy
Yes you can use this instead:
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
spjonez,
Thank you, success!!
Troy
Very nice! This also would have saved me a lot of hours yesterday, thanks spjonez!
So just add those two lines in the .htaccess file?
The .htaccess file in my site's PHP root?
Any particular place in the file?
Tom,
Those lines redirect HTTP access of your site to try again using HTTPS. If you have your site already set up to do this, and you are having the problem where HTTPS access causes the "too many redirects" error, then you should locate the spot were you originally set it up to do the redirect.
In my case and some others here, the original method of enforcing HTTPS is in the .htaccess file which is at the root of your site... the path may be something like:
/Volumes/Server 1 HD/Library/Server/Web/Data/Sites/Default/.htaccess
But do you have a method like that set up? If so, you'd want to replace that redirect method with the new one. What do you have in your .htaccess file?
Troy
Hi Troy and community,
I tried adding it to my .htaccess file but it didn't have any affect. I am attempting to run a Magento store and I did eventually find the answer elsewhere. It turns out that is its related as the answer did involve HTTP:X-Forwarded-Proto
That involved changing a line in the getSheme function in /magento/lib/Zend/Controller/Request/Http.php to read:
return ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ? self::SCHEME_HTTPS : self::SCHEME_HTTP;
Thanks to zigojacko at http://www.ukbusinessforums.co.uk/threads/magento-secure-checkout-redirect-loop. 333119/page-2 for that one!
Cheers,
Tom
Tom,
That makes sense. In addition to the .htaccess changes, I had to change some PHP files too. A number of the server environment variables have been changed... if you have an old archived PHPINFO output compare it with a new one. Anywhere in your PHP if $_SERVER['something'] is mentioned (maybe do a multifile search for: $_SERVER[ ) the values returned may have changed, or some server variable names eliminated, because of the new way Apache is set up in Server 5... so new server variable names need to be used.
Besides the one you mentioned, for example, if you are trying to get the IP address of the visitor, your PHP might have used:
$_SERVER['REMOTE_ADDR']
but that won't work now because it returns 127.0.0.1 instead, so you must use:
$_SERVER['HTTP_X_FORWARDED_FOR']
and that gives you the actual remote IP address.
I think it's because Server 5 places another layer between the network and Apache so that you can use different ports to have more than just one HTTP and one HTTPS port. If you look at the port numbers for Apache, it's not 443 for SSL, but (internally to Server) for "remote" it's 63709 and Apache it's 34543. To find out the actual remote port, you need $_SERVER['HTTP_X_FORWARDED_PORT'] which evaluates as the expected 443.
Anyway, since it's caused one problem, there may be others. Look at all those $_SERVER[ ] uses in the PHP code!
Troy
Apache https too many redirects after server 5.0.3 upgrade
