Hi I just moved my wordpress site mydomain.com domain from Incapsula over to Cloudflare and enabled flexible ssl and installed Cloudflare wordpress plugin. The front end of site works fine with always HTTPS enabled.
But the wp-login.php url is going in a redirect loop with 302 status when accessing HTTPS version of site
here’s non-https curl header
curl -I http://mydomain.com/wp-login.php
HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Oct 2017 08:04:26 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 24 Oct 2017 09:04:26 GMT
Location: https://mydomain.com/wp-login.php
Server: Cloudflare-nginx
CF-RAY: 3b2b6ce0c3b68454-ATL
it redirects 301 to properly HTTPS version
but curl header for HTTPS version is doing a 302 temp redirect to HTTPS thus causing a redirect loop
curl -I https://mydomain.com/wp-login.php
HTTP/1.1 302 Found
Date: Tue, 24 Oct 2017 08:04:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: __cfduid=db3468d3a4385f519e54425195181fa001508832268; expires=Wed, 24-Oct-18 08:04:28 GMT; path=/; domain=.mydomain.com; HttpOnly; Secure
Location: https://mydomain.com/wp-login.php
X-Powered-By: centminmod
Server: Cloudflare-nginx
CF-RAY: 3b2b6cef994c5e8e-TPA
I do not have any 302 redirects in my nginx vhost. I checked via a recursive grep of nginx conf directories
grep -rn 302 /usr/local/nginx/conf/
But prior to setting always HTTPS, i did temporarily try a page rule with forward 302 redirect to HTTPS version
*.mydomain.com/*
set to
forward 302 to https://mydomain.com/$2/
but i removed that rule and cleared cache and even tried development mode and still HTTPS version of wp-login.php at https://mydomain.com/wp-login.php
HTTP/1.1 302 Found is giving a 302 temp redirect via curl header checks which aren’t subject to browser level caching.
- Is the old page rule forward with 302 still stuck ?
- I have opened a Cloudflare support ticket but not getting anywhere so far.
- Was wondering if anyone else experienced this where a page rule even if removed is stuck or similar issue with wp-login.php doing a 302 redirect ?