
detecting protocol and redirecting to https

Posted on 2012-03-25
Last Modified: 2012-04-05
I know of two methods to verify the protocol, I'm just wondering which one is more efficient

if ($_SERVER["HTTPS"] == "off")
// DO THIS

if($_SERVER["SERVER_PORT"] != "443")
// DO THIS

Thanks
0
Question by:prowebinteractiveinc
6 Comments
 
LVL 2

Accepted Solution

by:
prerakg earned 2000 total points
ID: 37763048
Efficient in which manner? These are simply if statements. Both look good to me depending on the case.
0
 
LVL 8

Expert Comment

by:fundacionrts
ID: 37763049
If you use

if($_SERVER["SERVER_PORT"] != "443")

you must always have your HTTPS sites on TCP port 443, and this is not always true. Sometimes TCP ports like 8443 are used for HTTPS.

You can use $_SERVER["SERVER_PROTOCOL"] and search inside for http or https
0
 
LVL 7

Expert Comment

by:Lalit Chandra
ID: 37763179
According to the Standards:

'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_PORT'
The port being used on the user's machine to communicate with the web server.

So, if you are using IIS then the above (first) one is OK. Otherwise the value will be empty.
In the case of PORT, if you use the default port to install the SSL certificate, the above code (second) is good; otherwise you have to know the port on which your site is working.

So, which should you use? It totally depends on you. Both of them will work in the same context.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37763194
This is my teaching example of how to get HTTPS only.  HTH, ~Ray
<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
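    // MAN PAGE: http://us2.php.net/manual/en/function.setcookie.php
    // EXPIRES = 0 MAKES A SESSION COOKIE (PHP 8.1+ DEPRECATES NULL HERE); LAST TWO ARGS ARE SECURE AND HTTPONLY
    setcookie($sess_name, session_id(), 0, '/', $cookie_domain, TRUE, TRUE);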
}

0
 
LVL 7

Expert Comment

by:designatedinitializer
ID: 37804357
Notice that Ray's solution won't work in IIS, which is the case in question ...
YES, in IIS, this:

$_SERVER['HTTPS']=='off'

...will return TRUE if the request was not for https.

NO, you must not rely on the port number.
This is a matter of efficacy, not efficiency, as both things you are trying to compare are exactly the same from an efficiency (memory, processing) point of view.
It's a matter of efficacy, because one method (port number) will fail more often than the other.
0
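
An added example, not code from any poster in this thread: a check that treats both an empty `$_SERVER["HTTPS"]` and the IIS value "off" as plain HTTP and never looks at the port, which is the behaviour the comments above argue for. The function names, the `$allowed_hosts` list and the sample `$_SERVER` arrays are assumptions made for illustration; the host check is included because `HTTP_HOST` is supplied by the client.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// True when the request arrived over TLS. Most servers leave $_SERVER['HTTPS']
// unset or empty for plain HTTP; IIS with ISAPI sets it to "off" instead.
// SERVER_PORT is deliberately ignored: HTTPS may listen on 8443 or elsewhere.
function is_https(array $server): bool
{
    $flag = strtolower((string) ($server['HTTPS'] ?? ''));
    return $flag !== '' && $flag !== 'off';
}

// Build the https:// redirect target, or return null when the Host header is
// not a name this site answers to (HTTP_HOST comes from the client).
// Assumes HTTPS is served on the default port for the listed host names.
function https_redirect_target(array $server, array $allowed_hosts): ?string
{
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $allowed_hosts, true)) {
        return null;
    }
    return 'https://' . $host . ($server['REQUEST_URI'] ?? '/');
}

// Assumption: replace with the host names your site really serves.
$allowed_hosts = ['www.example.com', 'example.com'];

// Constructed sample environments, not captured from a real server.
$samples = [
    'Apache, plain HTTP'    => ['HTTP_HOST' => 'www.example.com', 'SERVER_PORT' => '80', 'REQUEST_URI' => '/cart?id=7'],
    'IIS ISAPI, plain HTTP' => ['HTTPS' => 'off', 'HTTP_HOST' => 'example.com', 'SERVER_PORT' => '80', 'REQUEST_URI' => '/'],
    'HTTPS on port 8443'    => ['HTTPS' => 'on', 'HTTP_HOST' => 'www.example.com:8443', 'SERVER_PORT' => '8443', 'REQUEST_URI' => '/'],
    'Unlisted Host header'  => ['HTTP_HOST' => 'unlisted.example', 'SERVER_PORT' => '80', 'REQUEST_URI' => '/'],
];

foreach ($samples as $label => $server) {
    if (is_https($server)) {
        $result = 'already HTTPS, no redirect';
    } else {
        $target = https_redirect_target($server, $allowed_hosts);
        $result = $target === null ? '400 Bad Request (unknown host)' : "301 -> $target";
    }
    printf("%-22s %s\n", $label, $result);
}
```

In a real page, pass `$_SERVER` to both functions and send the `Location` header only when a target is returned.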
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37807770
From the question, I did not get that this was IIS (and I would never use IIS anyway), but if it is a question for IIS, maybe someone can take my code which works correctly on *nix systems and show the Asker how it can be done in IIS.  @prowebinteractiveinc: You might save yourself some time if you run this script (shown here in its entirety) on both HTTP and HTTPS platforms and compare the output carefully.  The parts you want to see are likely to be near the bottom of the output.
<?php phpinfo();

Best to all, over-and-out, ~Ray
0
