Possible to fix admin URL behind proxy issue without hacking core?

All we need is an easy explanation of the problem, so here it is.

In a previous question I was trying to solve an issue where WordPress was using the wrong url in sortable column headers & pagination in the admin when behind a proxy, the only solution that worked involved modifying core files, specifically

On lines 491 and 658 in wp-admin/includes/class-wp-list-table.php, replace this line

$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

with

if(!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
    $hostname = $_SERVER['HTTP_X_FORWARDED_HOST'];
} else {
    $hostname = $_SERVER['HTTP_HOST'];
}
$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $hostname . $_SERVER['REQUEST_URI'];

Anyone know how to do this without modifying the core?

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

I threw this question around on Twitter and asked for feedback from some other core developers. My gut instinct was to make $current_url either filterable or generated by a function that could be overridden. This is, apparently, the wrong way about it.

@markoheijnen:
@EricMann Resetting $_SERVER['HTTP_HOST'] sounds like a hackish solution. Same code then can be in wp-config.php

‏@nacin:
@EricMann @markoheijnen Putting it in wp-config is proper. It is not WP’s job to handle reverse proxy situations.

@EricMann @markoheijnen Ideally, they should be set properly before WP (or even PHP) is loaded. wp-config is the alternative.

@markoheijnen:
@nacin @ericmann In this case the server/proxy is wrong configured. So I can see why it then should be fixed in wp-config

From the sounds of this converation, you have two options:

  1. Reconfigure your proxy to set the correct host values before things even get to PHP/WP.
  2. Manually clean and set up $_SERVER['HTTP_HOST'] in your wp-config.php file.

I thought a bit more, and here’s some actual code you could add to wp-config.php to set things up (based on the hacky patch that changes core files):

if ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) {
    $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

This should set things up such that the default core files don’t need any modification to function correctly. But please note that I can’t test this since I don’t have any kind of proxy setup to verify it against … so if this code doesn’t help fix your situation, please report back and we can try something else.

Method 2

I was having this same issue. We were using Apache as the proxy (ProxyPass & ProxyPassReverse defined) and the simple addition of the following to the virtual host resolved it:

Add to the virtual host:

ProxyPreserveHost on

Method 3

Using Apache httpd v2.4 I use the following to operate /wp-admin under a private apache instance with no modifcation to any code or additions to wp-config.php.

Note: I had to obfuscate the example too much to get past the filter. Hopefully the keywords are enough to get you started.

RequestHeader set Host yourdomain
Header edit* Location ^yourdomain privatedomain

SetOutputFilter Sed
OutputSed “s#yourdomain/#/#g”

My public apache instance denies access to /wp-admin.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply