Regarding: symfony-docs / cookbook / security / force_https.rst

The default proxy header that Symfony2 looks for from load balancers or proxies is $_SERVER['X_FORWARDED_PROTO']. However there is no standard for this and Amazon load balancers provide $_SERVER['HTTP_X_FORWARDED_PROTO'] . As a result, $request->isSecure() returns as http, even when force https is set, and there is an endless redirect loop. I'm not sure how to override the default values but the cookbook should make a note about this gotcha.