Zeus and WordPress Part 3: SSL Issues

While working to get WordPress functioning properly on a Zeus Web server, one of the issues I came across was the fact that I couldn’t seem to get any SSL functions working properly. I tried 2 or 3 different plugins, and all of them started causing infinite redirect loops as soon as they were activated.

Eventually, after quite a bit of investigating and testing, I found the cause of the issue: that particular server (and, presumably, all Zeus servers) doesn’t use any of the same indicators that SSL is being used that apache does. On apache servers, PHP usually has a handful of indicators that SSL is currently being used to serve the page. For instance, there’s a server global variable called “HTTPS” that gets set to “on” for many PHP configurations; SSL is generally served over port 443 instead of port 80; etc.

The WordPress HTTPS plugin runs four different checks to see if SSL is running, but all of them fail on Zeus. Following is the check that WordPress HTTPS runs:

public function is_ssl() {
    $https_url = parse_url($this->https_url);
    // Some extra checks for proxies and Shared SSL
    if ( is_ssl() && strpos($_SERVER['HTTP_HOST'], $https_url['host']) === false && $_SERVER['SERVER_ADDR'] != $_SERVER['HTTP_HOST'] ) {
        return false;
    } else if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' ) {
        return true;
    } else if ( $this->diff_host && !is_ssl() && isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && strpos($this->https_url, 'https://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
        return true;
    } else if ( $this->diff_host && !is_ssl() && strpos($_SERVER['HTTP_HOST'], $https_url['host']) !== false && (!$this->ssl_port || $_SERVER['SERVER_PORT'] == $this->ssl_port) && (isset($https_url['path']) && !$https_url['path'] || strpos($_SERVER['REQUEST_URI'], $https_url['path']) !== false) ) {
        return true;
    }
    return is_ssl();
}

Like I said, at least on the Zeus server I was dealing with, all four of those checks failed, so it kept reporting that the page wasn’t running over SSL, so it caused an infinite redirect loop.

After a while, I did find a variable (actually, 3 of them) that, while it doesn’t seem to have any consistent value, always seems to be set when running SSL, and never seems to exist when running without SSL. That variable is the $_SERVER[‘HTTP_SSLCLIENTCERTSTATUS’] variable. Checking for the existence of that variable seems to consistently report whether or not SSL is running for the page.

For my purposes, I ended up editing a plugin called WPSSL (simply because it was simpler than making sure I’d edited all of the correct places within WordPress HTTPS) to check the existence of that variable.

Have you come across this same issue on a Zeus server? Is this common, or is this an issue unique to the particular host that’s being used for this project?

Post Your Comment

Your email address will not be published.