Lately our installation of WordPress seems to be misbehaving with regard to HTTPS/SSL, so we've been trying to understand why some pages are redirected to the unencrypted site (i.e., in some instances, visitors are redirected from https://www.rocket-powered.com to http://www.rocket-powered.com) and others are not.
...so now we're wondering if some of these PHP scripts (e.g., index.php, knowledgebase.php) force a redirect to the unencrypted page or if there's some other mechanism at work.
While investigating this, we discovered that some WHMCS pages are redirected (from https://www.rocket-powered.com/whmcs/foo.php to http://www.rocket-powered.com/whmcs/foo.php) and others are not, e.g.,
These scripts redirect from HTTPS to HTTP...
- /whmcs/index.php
- /whmcs/knowledgebase.php
...and these scripts do not redirect from HTTPS to HTTP...
- /whmcs/domainchecker.php
- /whmcs/clientarea.php
...so we started using openssl to determine what's really going on:
Code:
eric@eric-x1:~$ openssl s_client -connect rocket-powered.com:443
...
---
GET /whmcs/index.php HTTP/1.1
HOST:www.rocket-powered.com

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 16 Apr 2014 23:54:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: WHMCS1c2qbdetsdVY=e0a8l02gj4t14tnth97nljcit4; path=/; HttpOnly
Location: http://www.rocket-powered.com/whmcs/index.php
X-Powered-By: PleskLin
MS-Author-Via: DAV

GET /whmcs/knowledgebase.php HTTP/1.1
HOST:www.rocket-powered.com

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 16 Apr 2014 23:55:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: WHMCS1c2qbdetsdVY=2mo13cjhoshst68nqqcf8bcgu6; path=/; HttpOnly
Location: http://www.rocket-powered.com/whmcs/knowledgebase.php
X-Powered-By: PleskLin
MS-Author-Via: DAV

GET /whmcs/clientarea.php HTTP/1.1
HOST:www.rocket-powered.com

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Apr 2014 23:57:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: WHMCS1c2qbdetsdVY=ha591al583jvjj6sdckfu35d60; path=/; HttpOnly
X-Powered-By: PleskLin
MS-Author-Via: DAV

1207
...<HTML OUTPUT>...

GET /whmcs/domainchecker.php HTTP/1.1
HOST:www.rocket-powered.com

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Apr 2014 00:01:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: WHMCS1c2qbdetsdVY=drd70dq09klifj4enmupkb6mb2; path=/; HttpOnly
X-Powered-By: PleskLin
MS-Author-Via: DAV

2ae6
...<HTML OUTPUT>...
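
Added example (not part of the original post, and not WHMCS or Plesk code): a small Python check that audits response heads captured over HTTPS, like the ones above, for an absolute `http://` redirect and for a session cookie set without the `Secure` attribute, which a browser would then send in cleartext after the downgrade. The function names and finding labels are assumptions of this example, the cookie values are placeholders, and the `Strict-Transport-Security` check goes beyond what the post itself looks at.

```python
from urllib.parse import urlsplit

# Constructed sample: response heads abridged from the openssl session above
# (cookie values replaced with a placeholder).
SAMPLE = {
    "/whmcs/index.php": (
        "HTTP/1.1 302 Moved Temporarily\n"
        "Set-Cookie: WHMCS1c2qbdetsdVY=placeholder; path=/; HttpOnly\n"
        "Location: http://www.rocket-powered.com/whmcs/index.php\n"
    ),
    "/whmcs/clientarea.php": (
        "HTTP/1.1 200 OK\n"
        "Set-Cookie: WHMCS1c2qbdetsdVY=placeholder; path=/; HttpOnly\n"
    ),
}


def parse_head(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    status = int(lines[0].split()[1])
    pairs = (ln.partition(":") for ln in lines[1:])
    return status, [(n.strip().lower(), v.strip()) for n, _, v in pairs]


def audit_https_response(raw):
    """List weaknesses in a response that was received over HTTPS."""
    status, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            # A relative Location keeps the scheme; only absolute http:// downgrades.
            if urlsplit(value).scheme.lower() == "http":
                findings.append("downgrade-redirect")
        elif name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie-without-secure:" + value.split("=", 1)[0])
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no-hsts")
    return findings


if __name__ == "__main__":
    for path, raw in SAMPLE.items():
        print(path, audit_https_response(raw))
```
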