Running secure pages behind a proxy

If you plan to run frameworks that automatically try to detect protocol (http/https) behind a load balancer such as CloudFlare, there are some additional configuration steps that you need to take.

In order to detect what the protocol is in use, securepages tests the value of $_SERVER['HTTPS']. Out of the box, this merely reflects the immediate connection to your proxy. If this protocol differs from that used by the original client, then securepages can't work (the most likely outcome is a redirect loop).

To resolve this, you'll need to ask your proxy to send the X-Forwarded-Proto header. While you're free to use any header label you choose, X-Forwarded-Proto seems to have become the de facto standard.

For this to work, your Apache must be loaded with the Env module (All SwiftHost servers have this configuation)

Then you can simply add:


to your .htaccess file

  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Retain file permissions after git

Edit the .bashrc file in the home directory Add umask 022 to the...