https multiple redirects

I am in the process of changing my protocol from http to https.

I have wordpress installed as a subdirectory (eg: www.example.com/blog)

I have the server behind a load balancer, requests to the load balancer are encrypted but requests from the load balancer to the server are not.

I updated the home and siteurl parameters to reflect the https adddress.
And I added the following code to my wp-config.php file:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

For some reason, when I go to the url https://www.example.com/blog, the following redirects occur:
https://…blog -> http://…blog/

http://…blog/ -> https://…blog/

I can live with one redirect (the one for adding the slash), but I don’t understand why it redirects to the http:// address. I don’t see anything in my setup that still references http://.

Why is it doing this?

I have tried clearing my browser’s cache. I also have an .htaccess file but I suspect it doesn’t have anything to do with it because the redirects occur even when all the code in the .htaccess file is commented

In someone still finds the htaccess file relevant: I have two rules in the htaccess file:

RewriteEngine On

RewriteCond %{HTTP:X-Forwarded-Proto} =http

RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

for redirecting http to https

and

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

for adding the slash (I think).

Although the first rule isn’t relevant (because I am going directly to the https address). And commenting the second rule has no effect on the issue in question.

Is there anywhere else in my setup where I need to update wordpress about the fact that I’m using https?

Thanks.

Solutions Collecting From Web of "https multiple redirects"

This is somewhat of a guess, but it is probably a result of the web server configuration. What your server probably does is to see that the request want to load the blog url of the site. It checks out and sees that blog is a directory adds a slash and redirects to it. Now because the load balancer sends an http request the web server redirect to http. After that the request is made to the wordpress directory and all your htaccess and wordpress logic kicks in and provides the correct info/redirects etc.

Solution… if this is not only a good story, but also a true one, an http to https redirection in an htaccess of the root directory should probably fix it.

If it actually does fix the issue (and you think the fix worth your time) you will want to consider merging the “wordpress” htaccess into the root one as apache reads all the htaccess in each directory in the hierarchy on each request and “runs” them which is a pointless waste of time.

You need to update the baseurls in your database. Namely the option_values for siteurl and home in the options table.

The following code will do that for you robustly. Watch out for the prefix, which here I have indicated is “wp_” but which of course, it should not be! 🙂 Also of course you need to change the site name:

UPDATE wp_options SET option_value = replace(option_value, 'http://www.example.com/blog', 'https://www.example.com/blog') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET guid = REPLACE (guid, 'http://www.example.com/blog', 'https://www.example.com/blog');
UPDATE wp_posts SET post_content = REPLACE (post_content, 'http://www.example.com/blog', 'https://www.example.com/blog');
UPDATE wp_postmeta SET meta_value = REPLACE (meta_value, 'http://www.example.com/blog','https://www.example.com/blog');

Try this in your .htaccess file

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/

RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

See if it helps

You should not have to edit WordPress files yourself. WordPress can be used with either http or https without the need of manual code change.

If you have to change the protocol for an existing WordPress site, you can do two things:

  1. Make sure, your blog is accessible through http and https. Then switch to your WordPress settings in the backend and just update the blogs url from http://example.org to https://example.org
    WordPress should update the database and .htaccess-file itself

  2. you can do a search & replace on the database. To do so, you have to be aware of serialized data, which is not recognized with a simple search & replace process. I suggest you to use a tool like from interconnect

Make sure your wp-config.php does not contain a hardcoded url (see “Changing The Site URL”), which will overwrite your changes again.