Technically Feasible

Solving a Pound HTTPS Redirect Issue

Likeness of Michael Oldroyd
Michael Oldroyd
⚠️ This content was imported from a previous incarnation of this blog, and may contain formatting errors

I recently had a problem where a Magento store would infinitely redirect, from TLD to sub-domain (i.e. non-www to www). The server was configured behind a reverse proxy, which was handled by Pound (acting as a load balancer and SSL wrapper). Pound is great for handling hand-overs between a caching proxy and application servers, in addition to load balancing multiple servers and wrapping SSL connections to the client. The issue was quite difficult to track down; redirects can be issued at any point in the application stack. We tested adding redirection at each level of the stack in isolation; web server, caching proxy and within the application. All exhibited the same problem, no matter where the redirect was executed from. The redirect loop didn't present itself when redirects were removed either.

Configuring a Solution #

The solution was found by testing each back-end. As we were able to access each back-end independently, we were able to determine that redirection was in fact working. Pound must have been causing the redirects to loop, but we didn't see any reason why it should be doing so.

After some research, Pound does in fact rewrite location headers returned from the server, under certain circumstances. This depends on the aptly named configuration option RewriteLocation 0|1|2. The default setting is 1 when not specified, which means that any Location headers that seem to point to the application server (instead of pound) are rewritten to point to pound. In this case RewriteLocation 0 needed to be set, which fixed the redirection to Magento.

This is necessary where Pound is handling SSL—which it needs to do to function—and application server is configured with SSL offloaded. Pound communicates with the application server via HTTP, and translates any responses from the web server according to the protocol and server address that was initially requested.

Image of me

Michael Oldroyd

Michael is a Software Engineer working in the North West of England.