EgenSajt Posted September 3, 2017 Share Posted September 3, 2017 (edited) Our hosting uses loadbalancers with ssl, requests are made on port 80 to the backend servers with no ssl. We are adding in apache config in backend: SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on So in the PHP sees the following variables: $_SERVER[sSL] => on $_SERVER[HTTPS] => on$_SERVER['SERVER_PORT'] = 443 All PHP applications works fine with this setup EXCEPT PrestaShop. Older versions of PrestaShop is working When accessing the site on https, it redirects to http, something that I believe PHP should never do in any case. Nobody should ever redirect away from SSL as a general rule. To my knowledge, PrestaShop is the only PHP program doing this. If we force the ssl in PrestaShop admin, we only get a redirect loop. So if anyone could give some help it would be appreciated! Edited September 3, 2017 by EgenSajt (see edit history) Link to comment Share on other sites More sharing options...
bellini13 Posted September 5, 2017 Share Posted September 5, 2017 If SSL is disabled in Prestashop, or force ssl is disabled, then yes of course Prestashop will redirect you to http, so that is working as it was designed to work. If SSL is enabled, then Prestashop will try to redirect you https with port 443 as the default, so that is also working as designed. Needless to say, Prestashop is not designed to work behind a load balancer in the manner you are trying. There is likely some logic within the FrontController and most likely in the .htaccess rewrite rules that you will need to edit to fit your needs. Link to comment Share on other sites More sharing options...
EgenSajt Posted September 6, 2017 Author Share Posted September 6, 2017 How does prestashop decide if there is working ssl on the server? If I knew that, I could cheat prestashop with correct variable set. In older version is was: $_SERVER[sSL] => on $_SERVER[HTTPS] => on$_SERVER['SERVER_PORT'] = 443 But it seems that is not enough. Link to comment Share on other sites More sharing options...
bellini13 Posted September 6, 2017 Share Posted September 6, 2017 it would help to know which version of Prestashop you are using... PS v1.7.1.2 FrontController does several checks, but one of those checks calls the usingSecureMode in the Tools class. It is open source code, you can just start digging into it. public static function usingSecureMode() { if (isset($_SERVER['HTTPS'])) { return in_array(Tools::strtolower($_SERVER['HTTPS']), array(1, 'on')); } // $_SERVER['SSL'] exists only in some specific configuration if (isset($_SERVER['SSL'])) { return in_array(Tools::strtolower($_SERVER['SSL']), array(1, 'on')); } // $_SERVER['REDIRECT_HTTPS'] exists only in some specific configuration if (isset($_SERVER['REDIRECT_HTTPS'])) { return in_array(Tools::strtolower($_SERVER['REDIRECT_HTTPS']), array(1, 'on')); } if (isset($_SERVER['HTTP_SSL'])) { return in_array(Tools::strtolower($_SERVER['HTTP_SSL']), array(1, 'on')); } if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { return Tools::strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https'; } return false; } however that is just one check, and then Prestashop will also add htaccess rewrite rules 1 Link to comment Share on other sites More sharing options...
EgenSajt Posted September 6, 2017 Author Share Posted September 6, 2017 (edited) It's the latest version. I have set all those variables to on, and the prestashop is continuing to redirect https => http. This does not make sense for me, if access is made to https, that means that https is working. Prestashops php code is doing like this. Oh, is someone making an access on https, strange, that should not be possible, https does not exsist, lets redirect to http. Here is another one with the same opinion, he recommends not to use prestashop: https://igotaprinter.com/blog/prestashop-redirect-loop.html Edited September 6, 2017 by EgenSajt (see edit history) Link to comment Share on other sites More sharing options...
bellini13 Posted September 8, 2017 Share Posted September 8, 2017 Prestashop is designed to work a certain way. If that does not work for you, it is open source, change it to the way you want it to work. Link to comment Share on other sites More sharing options...
EgenSajt Posted October 10, 2017 Author Share Posted October 10, 2017 (edited) Prestashop is designed to work a certain way. If that does not work for you, it is open source, change it to the way you want it to work. Prestashop is designed to work a certain way. If that does not work for you, it is open source, change it to the way you want it to work. The problem is not for us to change the code, the problem is that our hosting customers can't all be expected to change the code. We need to find which server variable we need to fake, like theese ones: $_SERVER[sSL] => on $_SERVER[HTTPS] => on$_SERVER['SERVER_PORT'] = 443 But those are not enough. The function usingSecureMode() is returning true on ssl exists, but the site is still redirecting from http => https. The insane thing is that https://domain.com redirects to http://domain.com/index.php? There must be a second check of https somewhere else, but I can't find it. classes/Tools.php har now redirecting correctly to https, but some other code in another file is redirecting back to http://domain.com/index.php? Edited October 10, 2017 by EgenSajt (see edit history) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now