Solved

Relaibility of $_SERVER['HTTPS'] if user coming through proxy server?

Posted on 2004-09-23
4
220 Views
Last Modified: 2006-11-17

Hi, this may be a stupid question, but will the value of $_SERVER['HTTPS'] be affected if a user coming to my site through a proxy server?  I encountered some reliability issues around usign the $_SERVER['HTTP-REFERRER'] variable.  The PHP documentation mentions that HTTP-REFERRER is not reliabile, but makes no mention of ['HTTPS'].

Is it a reliable method? What is people's experience using $_SERVER['HTTPS'], especially in regards to proxy servers, etc?

Thanks for your help!
0
Comment
Question by:lauriebloyer
  • 3
4 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12137843
$_SERVER['HTTPS'] is always set if the connection to your server is made via SSL regardingless wether the user uses a proxy or not.
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 500 total points
ID: 12137877
the HTTP-REFERRER is set on the information given by the browser, so some proxies may remove that information from the clients request and you may not relia on that.
the  $_SERVER['HTTPS'] is set by the server and not taken from any information given by the user/browser
0
 
LVL 9

Expert Comment

by:_GeG_
ID: 12138109
afaik you cannot use a https connection over a proxy
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12138190
If the proxy support SSL/https you can use the proxy also with https. Then the proxy only bypasses the connection. The proxy can't see which information is tunneld via https, it only transfers the data whichout any caching.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question