Skip to Content

X-Cart Behind Load Balancer with SSL Termination

We recently had some issues with one of our X-Cart sites.  The site is behind a Cloud Load Balancer with SSL termination at Rackspace and X-Cart wouldn’t play nicely, it kept causing an infinite redirect loop because it wouldn’t detect that the request was already secure.

The solution was to have X-Cart properly detect if the request was coming in via HTTPS.  The way the load balancer works is that it accepts traffic on both port 80 and 443.  It forwards all traffic to the server on port 80 (even traffic secured by HTTPS!) and also includes a custom header “HTTP_X_FORWARDED_PROTO” in the response.  X-Cart doesn’t check this header by default, and causes a redirection loop, constrantly trying to forward the user to HTTPS because it doesn’t know that user is actually already in HTTPS.

There’s an easy solution to the problem.  There is an include file that does detection for HTTPS.  That file is located in /include/https_detect.php.

Change that code in that file to include the following lines, notice the check for HTTP_X_FORWARDED_PROTO.

$HTTPS = (
        && stristr($_SERVER[‘HTTP_X_FORWARDED_PROTO’], ‘https’)
    ) || (
        && $_SERVER[‘HTTPS’] == 1
    ) || (
        $_SERVER[‘SERVER_PORT’] == 443
    ) || (
        && is_string($_SERVER[‘SCRIPT_URI’])
        && !strncmp($_SERVER[‘SCRIPT_URI’], ‘https://’, 8)

Get in touch so we can start your
next web project!

Let us know what you’re looking for. We strive to respond in 48 hours, but, every now and then, life gets in the way, so be patient if there’s a delay.

    Back to top