One of my clients had an issue installing 1.5.4. PHP 5.4.22, MySQL 5.5.42-cll, Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_fcgid/2.3.6. The install went fine but when the catalog url was accessed noe of the css was being applied. When I investigated I found that the base href was being set to https://domain name even though ssl was not turned on in the configs. I found some code in another similar thread which had some code to test the $_SERVER globals. This doesn't seem to be working correctly as the $request_type variable is being set to SSL. I added some code to loop through and print the settings. I also had it echo the contents of $request_type before the if which tested if request_type was set to NONSSL. Here is the output of that script execution:
Code:
$_SERVER IS
Array
(
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[PWD] => /usr/local/cpanel/cgi-sys
[SHLVL] => 0
[SCRIPT_NAME] => /ssltest.php
[REQUEST_URI] => /ssltest.php
[QUERY_STRING] =>
[REQUEST_METHOD] => GET
[SERVER_PROTOCOL] => HTTP/1.0
[GATEWAY_INTERFACE] => CGI/1.1
[REMOTE_PORT] => 48036
[SCRIPT_FILENAME] => /home/domain/public_html/ssltest.php
[SERVER_ADMIN] => [email protected]
[DOCUMENT_ROOT] => /home/domain/public_html
[REMOTE_ADDR] => xx.xx.xx.xx
[SERVER_PORT] => 80
[SERVER_ADDR] => xx.xx.xx.xx
[SERVER_NAME] => domain.com
[SERVER_SOFTWARE] => Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_fcgid/2.3.6
[SERVER_SIGNATURE] =>
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_fcgid/2.3.6 Server at domain.com Port 80
[HTTP_CACHE_CONTROL] => max-age=0
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.5
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
[HTTP_CONNECTION] => close
[HTTP_X_FORWARDED_FOR] => xx.xx.xx.xx
[HTTP_X_FORWARDED_SERVER] => domain.com
[HTTP_X_FORWARDED_HOST] => domain.com
[HTTP_X_REAL_IP] => xx.xx.xx.xx
[HTTP_HOST] => domain.com
[UNIQUE_ID] => id@xxxxx
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /ssltest.php
[REQUEST_TIME_FLOAT] => 1430237242.92
[REQUEST_TIME] => 1430237242
[argv] => Array
(
)
[argc] => 0
)
HTTPS server https://domain.com
Protocol was detected: SSL
Array
(
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[PWD] => /usr/local/cpanel/cgi-sys
[SHLVL] => 0
[SCRIPT_NAME] => /ssltest.php
[REQUEST_URI] => /ssltest.php
[QUERY_STRING] =>
[REQUEST_METHOD] => GET
[SERVER_PROTOCOL] => HTTP/1.0
[GATEWAY_INTERFACE] => CGI/1.1
[REMOTE_PORT] => 48036
[SCRIPT_FILENAME] => /home/domain/public_html/ssltest.php
[SERVER_ADMIN] => [email protected]
[DOCUMENT_ROOT] => /home/domain/public_html
[REMOTE_ADDR] => xx.xx.xx.xx
[SERVER_PORT] => 80
[SERVER_ADDR] => xx.xx.xx.xx
[SERVER_NAME] => domain.com
[SERVER_SOFTWARE] => Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_fcgid/2.3.6
[SERVER_SIGNATURE] =>
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_fcgid/2.3.6 Server at domain.com Port 80
[HTTP_CACHE_CONTROL] => max-age=0
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.5
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
[HTTP_CONNECTION] => close
[HTTP_X_FORWARDED_FOR] => xx.xx.xx.xx
[HTTP_X_FORWARDED_SERVER] => domain.com
[HTTP_X_FORWARDED_HOST] => domain.com
[HTTP_X_REAL_IP] => xx.xx.xx.xx
[HTTP_HOST] => domain.com
[UNIQUE_ID] => id@xxxxxx
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /ssltest.php
[REQUEST_TIME_FLOAT] => 1430237242.92
[REQUEST_TIME] => 1430237242
[argv] => Array
(
)
[argc] => 0
)
This is the code I found in the other thread
PHP Code:
<?php
define('HTTPS_SERVER', 'https://put-your-https-URL-here');
$request_type = (((isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1'))) ||
(isset($_SERVER['HTTP_X_FORWARDED_BY']) && strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']), 'SSL') !== false) ||
(isset($_SERVER['HTTP_X_FORWARDED_HOST']) && (strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), 'SSL') !== false || strpos(strtolower($_SERVER['HTTP_X_FORWARDED_HOST']), str_replace('https://', '', HTTPS_SERVER)) !== false)) ||
(isset($_SERVER['SCRIPT_URI']) && strtolower(substr($_SERVER['SCRIPT_URI'], 0, 6)) == 'https:') ||
(isset($_SERVER['HTTP_X_FORWARDED_SSL']) && ($_SERVER['HTTP_X_FORWARDED_SSL'] == '1' || strtolower($_SERVER['HTTP_X_FORWARDED_SSL']) == 'on')) ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'ssl' || strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')) ||
(isset($_SERVER['HTTP_SSLSESSIONID']) && $_SERVER['HTTP_SSLSESSIONID'] != '') ||
(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')) ? 'SSL' : 'NONSSL';
if ($request_type=='NONSSL') {
if (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && strpos(strtolower($_SERVER['HTTP_X_FORWARDED_SERVER']), str_replace('https://', '', HTTPS_SERVER)) !== false) {
$request_type .= '<br> ... BUT HTTP_X_FORWARDED_SERVER may contain useful info. You may need to upgrade to a newer ZC version';
}
}
echo 'Protocol detected: ' . $request_type . '<br /><br /><br /><pre>' . print_r($_SERVER, TRUE) . '</pre>';
It looks to me like
PHP Code:
(isset($_SERVER['HTTP_X_FORWARDED_HOST']) && (strpos(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']), 'SSL') !== false || strpos(strtolower($_SERVER['HTTP_X_FORWARDED_HOST']), str_replace('https://', '', HTTPS_SERVER)) !== false))
should have caused NONSSL to be set. Am I interpreting this incorrectly or do I have some sort of an error or hosting config problem?
Bookmarks