We recently had some issues with one of our X-Cart sites.  The site is behind a Cloud Load Balancer with SSL termination at Rackspace, and X-Cart wouldn’t play nicely: it kept causing an infinite redirect loop because it wouldn’t detect that the request was already secure.

The solution was to have X-Cart properly detect if the request was coming in via HTTPS.  The way the load balancer works is that it accepts traffic on both port 80 and 443.  It forwards all traffic to the server on port 80 (even traffic secured by HTTPS!) and also includes a custom header, “HTTP_X_FORWARDED_PROTO”, in the request it forwards.  X-Cart doesn’t check this header by default, so it causes a redirection loop, constantly trying to forward the user to HTTPS because it doesn’t know that the user is actually already on HTTPS.

There’s an easy solution to the problem.  There is an include file that does detection for HTTPS.  That file is located in /include/https_detect.php.

Change the code in that file to include the following lines; note the check for HTTP_X_FORWARDED_PROTO.

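$HTTPS = (
    (
        // Set by the load balancer when it terminated SSL for this request
        isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
        && stristr($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https')
    ) || (
        // Direct HTTPS connection reported by the web server
        isset($_SERVER['HTTPS'])
        && $_SERVER['HTTPS'] == 1
    ) || (
        // Request arrived on the standard HTTPS port
        $_SERVER['SERVER_PORT'] == 443
    ) || (
        // Full request URI, when the server provides it, starts with https://
        isset($_SERVER['SCRIPT_URI'])
        && is_string($_SERVER['SCRIPT_URI'])
        && !strncmp($_SERVER['SCRIPT_URI'], 'https://', 8)
    )
);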
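
The check above accepts HTTP_X_FORWARDED_PROTO from any sender, so it is only reliable when the web server is reachable solely through the load balancer. The following is an added example, not X-Cart code or the original author's: a stricter variant that honours the header only when the connection comes from the load balancer and compares its value exactly. The function name, the trusted-proxy list (placeholder addresses) and the sample requests are assumptions, and the SCRIPT_URI test is left out to keep it short.

```php
<?php
// Added example, not X-Cart code. TRUSTED_PROXIES holds placeholder
// addresses (documentation range); replace them with the addresses
// your load balancer uses to reach the web server.
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Decide whether the original client request used HTTPS.
 * $server is normally $_SERVER; it is a parameter so the logic can be
 * exercised with constructed input.
 */
function request_is_https(array $server, array $trustedProxies = TRUSTED_PROXIES): bool
{
    // Direct TLS connection to this server.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return true;
    }
    if ((int)($server['SERVER_PORT'] ?? 0) === 443) {
        return true;
    }

    // Honour the forwarded-protocol header only when the TCP peer is the
    // load balancer; any other sender can set it to an arbitrary value.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }

    // Exact, case-insensitive match instead of a substring search.
    $proto = strtolower(trim((string)($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
    return $proto === 'https';
}

// Constructed sample requests.
$samples = [
    'via LB, https'   => ['REMOTE_ADDR' => '192.0.2.10',  'SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via LB, http'    => ['REMOTE_ADDR' => '192.0.2.10',  'SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'direct, spoofed' => ['REMOTE_ADDR' => '203.0.113.7', 'SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    printf("%-16s => %s\n", $label, request_is_https($server) ? 'HTTPS' : 'HTTP');
}
```

Only the first sample is reported as HTTPS; the third carries the same header but does not come from a listed load balancer address.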

This blog is meant for Corporate Zen employees to write about a variety of topics. Posts may contain information and views not directly related to Corporate Zen!