#4075 (ok 4.0.10) Support A10 Networks load balancer

[Rob Spekschoor]

Enabling ForceSSL results in redirect loop. Tested with Chrome and Firefox (Mac)

$cfg['ForceSSL'] = TRUE;

[Abhishek Kandoi]

I would like to work on this bug.

There are a few things I would like to know regarding the same:
Do you have SSL enabled on your web server?
What should happen in the case where SSL is not enabled?

[Rob Spekschoor]

SSL is not enabled on the server. We use two servers with a loadbalancer appliance in front of it. SSL is offloaded on the loadbalancer.

If I use HTTPS manually in front of the URL it works BUT when the login window appears phpMyAdmin automtically redirects to HTTP. I have to change it to HTTPS manually again

[Isaac Bennetch]

I believe in this case setting ForceSSL to true is the correct procedure; if I understand correctly when you do that is when the redirect loop occurs.

To answer Abhishek Kandoi, I feel phpMyAdmin shouldn't do any specific testing, as in this case the webserver isn't actually doing the SSL but the application still should know it's running under SSL.

Is there any chance your load balancer is bouncing the request between two phpMyAdmin instances? That might potentially confuse phpMyAdmin if it's authenticated to one and then tries to redirect to the main page of the other.

[Rob Spekschoor]

That chance is very very small. The webservers use 1 shared pool for PHP sessions and loadbalancer uses one server per session.

[Isaac Bennetch]

Sorry, but I'm having trouble reproducing this, although I'm not running behind a load balancer and am handling the ssl directly in my Apache instance so the reproduction isn't exact. I'll see if I can get more input on this.

[Michal Čihař]

I guess the problem here is that phpMyAdmin is not able to correctly detect URL. Setting $cfg['PmaAbsoluteUri'] should help.

[Rob Spekschoor]

OK clear. I found out that $_SERVER['HTTPS'] from loadbalancer is forwarded as $_SERVER["HTTP_HTTPS_FROM_LB"] so that explains your post above.

However, what does not make sense to me is why I am automatically redirected to HTTP after logging into phpMyAdmin using HTTPS.

[Marc Delisle]

Rob,
see https://sourceforge.net/p/phpmyadmin/bugs/4120/ which is fixed in 4.0.9; please confirm.

[Rob Spekschoor]

Hi,

I’m still redirected to http after logging in through ssl. Problem is probably our loadbalancer which uses different variable than $_SERVER[‘HTTPS’].

Met vriendelijke groet / Regards,

Rob Spekschoor

On 12 nov. 2013, at 18:25, Marc Delisle lem9@users.sf.net wrote:

Rob,
see https://sourceforge.net/p/phpmyadmin/bugs/4120/ which is fixed in 4.0.9; please confirm.

[bugs:#4075] ForceSSL results in redirect loop

Status: open
Created: Wed Aug 28, 2013 09:54 AM UTC by Rob Spekschoor
Last Updated: Tue Sep 10, 2013 02:33 PM UTC
Owner: nobody

Enabling ForceSSL results in redirect loop. Tested with Chrome and Firefox (Mac)

$cfg['ForceSSL'] = TRUE;

Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/phpmyadmin/bugs/4075/

To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/

[Rob Spekschoor]

Hi Marc,

I checked documentation from A10 Networks (loadbalancer we use) and phpmyadmin code and was able to fix this in libraries/Config.class.php. Diff:

1553,1556d1552
< } elseif (PMA_getenv('HTTP_HTTPS_FROM_LB')
< && strtolower(PMA_getenv('HTTP_HTTPS_FROM_LB')) == 'on'
< ) {
< $url['scheme'] = 'https';

A10 uses by default following header forwards:
$_SERVER["HTTPS”] -> $_SERVER["HTTP_HTTPS_FROM_LB”]
If possible, at this change in future releases.

Met vriendelijke groet / Regards,

Rob Spekschoor

[Marc Delisle]

Hi Rob,
patch accepted and merged for 4.0.10, thanks:
https://github.com/phpmyadmin/phpmyadmin/commit/c7f3d8368d08d77ed16c12b2eae8dacf46fb45f3