Forced SSL

  • Affected Version
    WoltLab Suite 5.4

    Hi,


    I've got some problems with forcing https:// for incoming requests. I think this conflicts with the URL Rewriting of WoltLab. I use an apache Webserver.


    This is my /etc/apache/sites-enabled file.


    And this is my .htaccess file in /var/www/html:

    With the current configuration I get an error that there cannot be more than 20 redirects (different error than the one when I uncomment)


    When uncommenting the commented statements it results into a Failed to open page (too many redirects). Can anyone help me solve this? I would appreciate some help a lot after trying to figure this out for quite some time...


    Best regards

    Mr. Smirk


    PS: Please move this topic to the correct forum, if I've chosen the wrong one. This is more about apache than about WoltLab Suite, though I hoped to find some help here.

    • Official Post

    When uncommenting the commented statements it results into a Failed to open page (too many redirects). Can anyone help me solve this? I would appreciate some help a lot after trying to figure this out for quite some time...

    You can try looking into the developer tools of your browser (right click, inspect element). The network tab will show all network activity, once it is open, uncomment the redirect and try visiting your site. It will show you what is happening in the background, especially the Location headers are important. This should help you tracking down the conflicting rewrite rules.

  • You can try looking into the developer tools of your browser (right click, inspect element). The network tab will show all network activity, once it is open, uncomment the redirect and try visiting your site. It will show you what is happening in the background, especially the Location headers are important. This should help you tracking down the conflicting rewrite rules.

    I've reset the server, completely fresh restart. When adding Redirect / https://afternight.eu to the <VirtualHost *:80> tag and then the error starts appearing again (no other edits done, fresh installation of WoltLab Suite and Apache)...


    I'm not a network administrator, so Redirect might not be the right thing to do, can you tell me what would work for sure on a fresh installation?

  • There is currently no redirect in effect. It is not really possible to tell what kind of redirect is happening if you disable the rule immediately afterwards ;)

    Yes, I had to do the WoltLab configuration again. Now I've tried it with RewriteEngine, same issue. Here is the current configuration (the only thing I've edited so far):


    I have not commented it out again, so you can test it out yourself: http://afternight.eu/

    • Official Post

    That is very strange, I can see that there is a redirect from https://afternight.eu to https://afternight.eu, effectively redirecting to itself over and over again. This is notable, because usually one sees a pattern like "https to http" and then "http to https" and repeating.


    I don't really know what is going wrong there, possibly there is something borked inside Apache (haven't used it in over a decade). I can see that you are using Cloudflare: Disable your rewrite rule, then use one of their page rules to enforce https and call it a day. Debugging redirects is a very tedious (and annoying!) process, so if you already have a tool at your hand, use it instead ;)

  • Here is the current configuration

    Could you please provide the full configuration? Including the :443-Server.


    Btw. I'm able to access the site regularly using https:


    http redirects me to https - but only for the domain's root.

  • Cloudflare: Disable your rewrite rule, then use one of their page rules to enforce https and call it a day

    I could have thought of that myself... Thank you very much. I do it over Cloudflare now, and it works just fine :D


    Btw. I'm able to access the site regularly using https:

    Yes, I am using Cloudflare right now, which seems to be working (for the root at least).


    EDIT: Thanks for letting me know MysteryCode, I changed the Cloudflare settings to apply to afternight.eu/*, which includes all subsystems as well :)

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!