How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS


Use of Proxies and Load Balancers is very common, including SSL termination in environments with private networks for backend communications. HTTP_X_FORWARDED_PROTO may indicate that a client is using HTTPS, even if the web server is not communicating with SSL (in the case of SSL termination).

WHMCS understands HTTP_X_FORWARDED_IP (which is provided by proxies, etc), but completely ignores the HTTP_X_FORWARDED_PROTO header.

Because of this deficiency and other oddities in the way WHMCS is evaluating the need for a redirect, WHMCS sends the client on an infinite redirect loop if the web server is not using SSL ($_SERVER['HTTPS']='off') on the local server, even if the browser URL matches exactly with the SystemURL in the configuration database (i.e., HTTP_HOST and REQUEST_URI).

(FYI: In order to work around this issue of incorrect never ending redirects, you can add the following code to your configuration.php file:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

This request is for WHMCS to either:
1. Support the HTTP_X_FORWARDED_PROTO header to recognize the client use of SSL as shown in the code above, or
2. Disavow support for Proxies and Load Balancers instead of providing only partial and broken support.

Post the first comment

Login to post a comment.