RE: Detecting HTTPS connections under Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The %{HTTPS} variable is not an Apache core variable. A more-portable
solution is to check %{SERVER_PORT} for port 80 or port 443 -- or for "not
port 80" or "not port 443." 

Also, you're requiring an *exact* match on "not /user" or "not /admin,"
meaning that directory and file paths below these directories will not be
matched -- They will always be redirected by the second rule. 

In addition, the URL-path in the Request_URI variable always starts with a
slash, and a RewriteCond should not be used to test the URL-path unless the
RewriteRule cannot be used to do this. 

Finally, since the rules are already scoped to http and https by their
locations within the vHost containers, checking %{HTTPS} or %{SERVER_PORT}
is probably not even necessary. 

Most likely, correcting the second problem will fix your code, and the other
inefficiencies can be removed as well: 

<VirtualHost *:80> 
RewriteRule ^/((user|admin)(/.*)?)$ https://example.com/$1 [R=301,L]
</VirtualHost>

<VirtualHost _default_:443>
RewriteCond $1 !^(user|admin)(/.*)?$
RewriteRule ^/(.*)$ http://example.com/$1 [R=301,L]
</VirtualHost>

[added] Alternative format for second rule -- I'm not sure, but it might be
faster: 
<VirtualHost _default_:443>
RewriteRule !^/(user|admin)(/.*)?$ http://example.com%{REQUEST_URI}
[R=301,L]
</VirtualHost>

Richard L. Buskirk

-----Original Message-----
From: Geoff Shang [mailto:geoff@xxxxxxxxxxxxxxx] 
Sent: Thursday, May 26, 2011 3:38 PM
To: php-general@xxxxxxxxxxxxx
Subject:  Detecting HTTPS connections under Apache

Hi,

Apologies if this is covered somewhere but I've searched fairly 
extensively and not found anything.

I'm working on an application which has a function for redirecting to a 
given URL.  This is generally used for redirecting after a form has been 
submitted.

Right now it sends an HTTP URL in the redirection, which means it can't 
work under a secure connection.

I'd like to be able to use it over HTTPS but don't want to force people to 
do this.   So ideally I'd like to be able to detect the protocol in use 
and send the appropriate protocol in the Location header.

The problem is that, at least on the system I'm working on, I can't see 
any way of detecting the protocol.  _SERVER["SERVER_SIGNATURE"] and 
_SERVER["SERVER_ADDR"] both give the port as 80, even if I specify port 
443 in the URL.  I've seen references to _SERVER["HTTPS"] or something 
similar but it's not in the output I get from either "print_r ($_SERVER)" 
or "phpinfo ()".

I'm running PHP Version 5.3.3-7+squeeze1 on Apache/2.2.16 (Debian).  The 
machine is an x86-64 VPS running Debian Squeeze.

I have full access to the VPS, so if something needs tweeking in Apache 
(or anything else) then I can do this.

Thanks in advance,
Geoff.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux