1

My website is https://stage.issufy.com/. After setting up SSL, I get a 302 redirect loop. Here is the .htaccess file:


    <IfModule mod_rewrite.c>
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>

        RewriteEngine On

        # Redirect Trailing Slashes If Not A Folder...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)/$ /$1 [L,R=301]

        # Handle Front Controller...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]

        # Handle Authorization Header
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    </IfModule>

Here is the Apache configuration for HTTP:

    <VirtualHost *:80>
        ServerName stage.issufy.com
        Redirect / https://stage.issufy.com
        DocumentRoot /var/www/html/stage.issufy.com

        <Directory "/var/www/html/stage.issufy.com">
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =stage.issufy.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    </VirtualHost>

And here is the SSL configuration:

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName stage.issufy.com
        DocumentRoot /var/www/html/stage.issufy.com

        <Directory "/var/www/html/stage.issufy.com">
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/stage.issufy.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/stage.issufy.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

The website works fine without Cloudflare, but as soon as Cloudflare is enabled, it gives 302 redirection errors.

Here is the error log:

    172.68.51.31 - - [17/Jan/2017:18:24:18 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:18 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:18 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:19 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:19 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:19 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:20 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
    172.68.51.31 - - [17/Jan/2017:18:24:20 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"

5
  • You need to add more information. What software runs the website? Show a curl, access and error logs for Apache, and potentially logs for your application. Commented Jan 17, 2017 at 18:19
  • I have added the error logs. Apache is Apache/2.4.18 (Ubuntu). Commented Jan 17, 2017 at 18:28
  • I don't think your question can be answered with the information presented. If you want help you need to give people appropriate information. I suggested a number of pieces of information you should supply, you added one of them. Commented Jan 17, 2017 at 18:33
  • @Tim: can you please say what more information you need? I presented logs and configuration; should I copy all the website code here too? Commented Jan 17, 2017 at 18:35
  • As I said above, a curl (showing response headers), access log, and error log will be a good start. Telling us what the back end is - eg WordPress, custom written application, etc. Right now the question is too broad and has too little information to be answered IMHO. Commented Jan 17, 2017 at 19:04

3 Answers

1

If you're using Cloudflare's Flexible SSL offering - your origin web server will see traffic coming in unencrypted under port 80.

In order to resolve this you have a few options:

  • Set Cloudflare's SSL mode to Full or Full (Strict) if your origin supports it. You can even use Cloudflare's Origin CA service to get a free SSL certificate for your web server.
  • Install Mod_Cloudflare for Apache, which will ensure Cloudflare acts transparently - including recording IPs correctly or correcting the SSL environment variable to account for Flexible SSL.
  • Set Apache to account for X-Forwarded-Proto (which reveals what the user is connecting to Cloudflare as).
0

Seems like Cloudflare's nginx is confused because of some redirect rule:

    HTTP/1.1 302 Found
    Date: Tue, 17 Jan 2017 18:18:09 GMT
    Content-Type: text/html; charset=iso-8859-1
    Connection: keep-alive
    Set-Cookie: __cfduid=da71659f540fb5dad0c47d48669012aa61484677089; expires=Wed, 17-Jan-18 18:18:09 GMT; path=/; domain=.issufy.com; HttpOnly
    Location: https://stage.issufy.com
    Server: cloudflare-nginx
    CF-RAY: 322bcedefcc859d2-VIE

Have you tried disabling your .htaccess file completely and then re-adding rule-by-rule to eliminate the issue there?

1
  • Yes, I did, but to no use yet. Commented Jan 17, 2017 at 18:25
0

    Redirect / https://stage.issufy.com

This would seem to be the only 302 (temporary) redirect in your config.

How is the CloudFlare SSL implemented? If you are using CloudFlare as a frontend proxy that handles the SSL (the only option on the free version AFAIK) then your website still serves content on HTTP (port 80) to CloudFlare and the connection is only encrypted from CloudFlare to the client. In this case, the above redirect would indeed result in a 302 redirect loop. (This should normally be implemented as a 301. ie. Redirect 301 ...)

If this is the case then there are some additional HTTP request headers you can check to see whether the client is accessing your site (or rather CloudFlare) by HTTPS or not.

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =stage.issufy.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Incidentally, this is trying to do the same thing as your single Redirect directive above (albeit permanently). Use one or the other, not both.

Preferably you would use a single Redirect 301 (mod_alias) directive. However, if you are needing to check for proxy HTTP request headers in order to determine HTTPS then you will need mod_rewrite.
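
One way to write the header check that the first and third answers point to, as an added example rather than configuration posted by either answerer. It assumes the proxy sets `X-Forwarded-Proto` as the first answer describes; `203.0.113.0/24` is a documentation placeholder for the proxy's published address ranges, not a real value.

```apache
# Added example: port-80 vhost for an origin behind a TLS-terminating proxy.
<VirtualHost *:80>
    ServerName stage.issufy.com
    DocumentRoot /var/www/html/stage.issufy.com
    # <Directory>, ErrorLog and CustomLog stay as in the question's vhost.
    # The unconditional "Redirect / https://stage.issufy.com" line is removed:
    # it fires on every proxy-to-origin request, which is what loops.

    RewriteEngine On

    # Redirect when the visitor-to-proxy leg was not HTTPS ...
    RewriteCond %{HTTP:X-Forwarded-Proto} !=https [OR]
    # ... or when the request did not come from the proxy at all. In that
    # case X-Forwarded-Proto is client-supplied and must not be trusted.
    # Placeholder range: replace with the proxy's real address ranges.
    RewriteCond expr "! -R '203.0.113.0/24'"
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,R=301]
</VirtualHost>
```

This single rule replaces both the `Redirect` directive and the original `RewriteRule`, so only one redirect mechanism remains in the vhost.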
