Hi I just moved my wordpress site mydomain.com domain from Incapsula over to Cloudflare and enabled flexible ssl and installed cloudflare wordpress plugin. The front end of site works fine with always HTTPS enabled.
But the wp-login.php url is going in a redirect loop with 302 status when accessing HTTPS version of site
here’s non-https curl header
curl -I http://mydomain.com/wp-login.php HTTP/1.1 301 Moved Permanently Date: Tue, 24 Oct 2017 08:04:26 GMT Connection: keep-alive Cache-Control: max-age=3600 Expires: Tue, 24 Oct 2017 09:04:26 GMT Location: https://mydomain.com/wp-login.php Server: cloudflare-nginx CF-RAY: 3b2b6ce0c3b68454-ATL
it redirects 301 to properly HTTPS version
but curl header for HTTPS version is doing a 302 temp redirect to HTTPS thus causing a redirect loop
curl -I https://mydomain.com/wp-login.php HTTP/1.1 302 Found Date: Tue, 24 Oct 2017 08:04:28 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Set-Cookie: __cfduid=db3468d3a4385f519e54425195181fa001508832268; expires=Wed, 24-Oct-18 08:04:28 GMT; path=/; domain=.mydomain.com; HttpOnly; Secure Location: https://mydomain.com/wp-login.php X-Powered-By: centminmod Server: cloudflare-nginx CF-RAY: 3b2b6cef994c5e8e-TPA
I do not have any 302 redirects in my nginx vhost. I checked via a recursive grep of nginx conf directories
grep -rn 302 /usr/local/nginx/conf/
But prior to setting always HTTPS, i did temporarily try a page rule with forward 302 redirect to HTTPS version
forward 302 to https://mydomain.com/$2/
but i removed that rule and cleared cache and even tried development mode and still HTTPS version of wp-login.php at https://mydomain.com/wp-login.php
HTTP/1.1 302 Found is giving a 302 temp redirect via curl header checks which aren’t subject to browser level caching.
- Is the old page rule forward with 302 still stuck ?
- I have opened a cloudflare support ticket but not getting anywhere so far.
- Was wondering if anyone else experienced this where a page rule even if removed is stuck or similar issue with wp-login.php doing a 302 redirect ?