• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Infinite redirect loop on admincp when forcing ssl

#1
I have enabled the ssl https:// inside admincp > options and decided to force all http to https therefore I added into .htaccess the following rule:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The forums works fine under ssl, I can access all threads, etc, however when trying to visit admin.php page I get an infinite redirect loop message, any ideas?

Using cloudflare FULL ssl mode.
 
Last edited:

Mike

XenForo developer
Staff member
#2
Looking at the site listed in your customer account, if I go to admin.php with HTTPS currently, I get forcibly pushed back to HTTP. Based on the headers, this isn't a XenForo redirect. I think it might not even be hitting your server though I'm not positive.
 
#3
Looking at the site listed in your customer account, if I go to admin.php with HTTPS currently, I get forcibly pushed back to HTTP. Based on the headers, this isn't a XenForo redirect. I think it might not even be hitting your server though I'm not positive.
I currently removed ssl and the rule inside htaccess due to the infinite loop thing.
 

Mike

XenForo developer
Staff member
#4
Right, but I can access your main forum via HTTPS without issues. As soon as I go to admin.php, it gets forced back to HTTP. This is going to be the problem as when you have another rule that then forces it back to HTTPS, it'll create an infinite loop.

This HTTPS to HTTP redirect is not something from XF, but you'd need to track down where it's coming from to remove/disable it.
 
#5
You can access both http and https because i switched it to Flexible from cloudflare panel. I suppose you get redirected back to http because there is no forcing rule of https inside .htaccess and I've used http:// inside board information too, right? Also xenforo is not installed inside the root folder (/var/www) due to hosting multiple websites, therefore apache virtual host points to /var/www/xenforo_folder

What you said sounds logic, however there is no other extra rule inside .htaccess (it's default one), nor have any cloudflare redirect page rules
 
#9
I'm running plenty of websites through cloudflare ssl and they're fine, if it was problematic many people wouldn't use it anymore.
 
#10
Alright, this is odd but decided to do my tests with chrome as a browser this time and seems there was indeed a cloudflare page rule that was added long time ago which disables https and everything else for admin.php as recommended by cloudflare itself for xenforo. It is odd because I was not able to see it using latest mozilla version so downgraded and now I can see it just fine too. Solved, thanks.