phpsymfonyhttpsredirect-loop

Redirect Loop in symfony2 when forcing https


In my Symfony2 app I have a firewall set up so that everything under the /admin route needs to be run through https, however when deployed I get a redirect loop. I've read the documentation on the Symfony2 site on firewalls, and setting up a login form. I've also read a few Stack Overflow articles and attempted their solutions, but nothing so far.

Below is my configuration, is there something I'm missing?

(As far as I know the server is running Apache, I've no direct access to server configuration from my hosting provider)

access_control:
    # require ROLE_ADMIN for /admin*
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/admin*, roles: ROLE_ADMIN, requires_channel: https}

Solution

  • Based on your own answer, it seems your website is behind a Load Balancer or a Reverse Proxy (since you need to check on the HTTP_X_FORWARDED_PROTO server variable, which is normally empty).

    Your hosting provider may have put such a setup in place without your explicit knowledge. By default, Symfony ignores the X-Forwarded-Proto and X-Forwarded-For headers, unless you add the proxy to a whitelist in your app/config/config.yml file:

    framework:
        trusted_proxies:  [127.0.0.1, ::1]
    

    Where 127.0.0.1 and ::1 should be replaced by the actual proxy/proxies that your hosting provider uses (they should be able to tell you that).

    Doing that should make it work without hacking the app.php file.