Cloudflare Infinite Redirect Loop

Home Forums BulletProof Security Free Cloudflare Infinite Redirect Loop

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • February 22, 2017 at 2:39 pm #32515
    Hannah
    Participant

    Hi, I’m setting up a bunch of clients with SSL this week, and I’ve run into trouble with two of them having redirect loops. I’m using Cloudflare, and their companion plugin + Really Simple SSL is not doing the trick for these two. After exhausting what little I know about this type of redirect ( I used redirect code provided to me by another support person here for my own site a while back that I was sure would work, but wasn’t that lucky), I even tried another plugin that’s supposed to resolve this Cloudflare infinite redirect loop issue, but it didn’t work either. Then I felt like an idiot for trying to take the lazy man’s approach. Right now I have all the pages and admin working fine, but both home pages are blank. So, what I need to know is how to redirect all versions of the domain to the secure, www version in a way that works with and not against the BPS rewrite rules so I can eliminate the redirect loop.

    I have turned off the Automatic https Rewrites in the Cloudflare account settings, and after unsuccessfully trying both the Enable javascript redirection to SSL and Enable WordPress 301 redirection to SSL setting in Really Simple SSL’s plugin settings, I have them disabled as well.

    The sites are: https://www.judybuswell.com and https://www.ekpcreations.com and I would be happy to provide an admin login if you need to get in there yourself. Let’s see if I can implement your guidance myself first.

    Thank you for your expertise!

    February 22, 2017 at 2:53 pm #32516
    AITpro Admin
    Keymaster

    We have created SSL/HTTPS htaccess redirect code, the steps to add it and a checklist of additional things here in this forum topic:  https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233  If the problem is with CloudFlare then you should contact them about the problem.  I don’t really know anything about CloudFlare besides any known issues between BPS and CloudFlare. 😉

    February 23, 2017 at 10:58 am #32517
    AITpro Admin
    Keymaster

    hmm maybe you have duplicate SSL/HTTPS and standard htaccess rewriting/redirect code?  The BPS SSL/HTTPS htaccess redirect code works with Cloudflare or anything/everything else.  So you would only need to add the BPS SSL/HTTPS htaccess redirect code.  If you are adding additional SSL/HTTPS htaccess redirect code in addition to the existing BPS standard rewriting/redirect code then that will cause an infinite redirect loop because you only want to rewrite/redirect everything once and not multiple times or with duplicate rewriting/redirect htaccess code.  Email your root htaccess file to:  info at ait-pro dot com.  So I can see if that is the problem.

    February 23, 2017 at 2:50 pm #32518
    AITpro Admin
    Keymaster

    Wow yeah your root htaccess code is a mess.  At this point I advise you to start all over from scratch and just use the BPS SSL/HTTPS htaccess redirect code.  I saw 4-5 blocks of rewrite/redirect code and you MUST ONLY have 1 block of rewrite/redirect code otherwise you will be rewriting/redirecting over and over and that will definitely cause an infinite redirect loop problem.

    Example:  This is 1 block of rewrite/redirect htaccess code.  Your server/site processes this code and rewrites/redirects all pages from http to https.  If you have additional blocks of rewrite/redirect htaccess code then you would be forcing your server/site to do additional rewrites/redirects again.

    Rewrite/Redirect HTTP (non-SSL) to HTTPS (SSL)

    # WP REWRITE LOOP START
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_PORT} ^80
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^index\.php$ - [L]
    February 25, 2017 at 6:24 pm #32530
    AITpro Admin
    Keymaster

    Oh and you should probably take a look at the recent Cloudflare Cloudbleed bug details that were publicly disclosed 2 days ago to see if you need to do anything with or to any sites that you are using Cloudflare on.

    March 2, 2017 at 1:09 pm #32554
    AITpro Admin
    Keymaster

    As it turns out the htaccess code that I saw at the bottom of your Root htaccess file is automatically created by the Endurance Page Cache must-use plugin, which is automatically installed by your Web Host.  See this forum topic for the steps to use/setup this EPC plugin htaccess code on your website:  https://forum.ait-pro.com/forums/topic/endurance-page-cache-infinite-redirect-loop-css-and-js-broken/

    March 3, 2017 at 9:48 am #32555
    Hannah
    Participant

    Thank you. Fortunately, all but two of the sites I have on Cloudflare were added after they had fixed the leak.

    Hannah

    March 3, 2017 at 9:49 am #32556
    Hannah
    Participant

    Thank you so much! I will add that code to this htaccess file now, and there may be other sites that need this but don’t have it too. You guys are such rockstars!

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.