Force SSL not working either with Joomla or htaccess

Amol Chakane asked:

We have a multiple sites in Joomla. Following are the details.

  • Hosted on domain mydomain.co.in, sub.mydomain.co.in.
  • Amazon EC2 instance, behind load balancer.
  • We have bought WildCard SSL certificate for *.mydomain.co.in and configured it on load balancer.

I have set Live Site variable from Joomla configuration to https://sub.mydomain.co.in.
When I browse site with https://sub.mydomain.co.in or http://sub.mydomain.com, it works fine. But I would like to force all requests to https://.

I tried to achieve this by

  • Setting Force SSL variable to Entire Site in Joomla configuration.
  • Adding following code in .htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But nothing works, when I do either of these two browser says This page has redirect loop.
I dug a little more to look whether redirection is happening from any other places like.

  • Virtual host configuration in httpd.conf
  • Any Joomla redirect plugins.

But there is no such code/plugin which is causing redirection loop.

Can anyone help?

Thanks in Advance.

My answer:


You are checking the wrong variable in your rewrite condition.

Because you are using Amazon Elastic Load Balancer to terminate your SSL sessions, Apache in your instance is unaware that they came in via HTTPS, and does not set HTTPS.

ELB sets the X-Forwarded-Proto header to http or https depending on how the request was received. You can check this header instead, to effect the redirect.

RewriteEngine on 
RewriteCond %{HTTP:X-Forwarded-Proto} !https 
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.