$_SERVER['HTTPS'] showing "on" despite not being a HTTPS request
we have a Lighttpd + PHP-FPM setup and getting sometimes non-https requests but the
$_SERVER['HTTPS'] global variable in PHP is showing "on". I'm not able to reproduce it, it happens from time to time - but if it happens it stays this way. All our vhosts on this server are then affected by that problem. We don't have any proxy/routing/load-balancing setup.
Lighttpd version is 1.4.31-4+deb7u5 (Debian Wheezy package). The header somehow gets "corrected" when i access a different vhost via a mod_proxy forwarded request... it feels like "HTTPS" gets cached and then fixed.
I searched the the issue tracker and checked the changelogs of newer Lighttpd versions. The only issue i found that might be somehow related is https://redmine.lighttpd.net/issues/1499 but i'm not really sure... or could this be an PHP issue (running 5.5.38-1~dotdeb+7.1)?
Updated by gstrauss about 1 year ago
- Status changed from New to Duplicate
Sorry. We can't accept bugs from distros whose lighttpd package maintainers do not responsibly take bug fixes into their "maintained" distros.
Also, Wheezy is so old it is no longer maintained by Debian.
What you are seeing was probably fixed almost two years ago in #1499.
Please don't report bugs in ANCIENT versions of the software. Try a modern version of lighttpd and see if you still have an issue. If you do, then please report it.
Also available in: Atom