SSL Issues with Magento Behind Load Balancer (302 Loop)

ssl

In front of my Magento installation is a load balancer handling all the SSL stuff. If I don't tell Magento that it is receiving a secure connection it will go into a 302 redirect loop. The only solution I found so far is to patch the main index.php like so (code goes right above the Mage::run line at the bottom the index.php):

/**
 * Prevent Magento from performing a 302 redirect loop.
 *
**/

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
        $_SERVER['HTTPS'] = 'on';
        $_SERVER['SERVER_PORT'] = 443;
    }
}

(I added the content from the blog post with the addition from a commenter here, in case the link goes dead).

How can I avoid to patch a core file?

Best Answer

Thanks to a tip on the #magento-de irc channel I found a much more elegant solution. Add these lines to the end of your .htaccess and it should be fine:

# Detect the Load-Balancer-Header and set the header magento expects
SetEnvIf X-Forwarded-Proto https HTTPS=on

Go here for a longer explanation.

Related Topic