Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

detecting protocal and redirecting to https

Posted on 2012-03-25
6
Medium Priority
?
163 Views
Last Modified: 2012-04-05
I know of two methods to verify the protocal, Im just wondering which one is more efficient

if ($_SERVER["HTTPS"] == "off")
// DO THIS

if($_SERVER["SERVER_PORT"] != "443")
// DO THIS

Thanks
0
Comment
Question by:prowebinteractiveinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Accepted Solution

by:
prerakg earned 2000 total points
ID: 37763048
Efficient in which manner? These are simply if statements. Both look good to me depending on the case.
0
 
LVL 8

Expert Comment

by:fundacionrts
ID: 37763049
If you use

if($_SERVER["SERVER_PORT"] != "443")

you always must have your https webs under 443 tcp port and this is not always true. Sometimes, tcp ports like 8443 are used to https.

You can use $_SERVER["SERVER_PROTOCOL"] and search inside for http or https
0
 
LVL 7

Expert Comment

by:Lalit Chandra
ID: 37763179
According to the Standards:

'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_PORT'
The port being used on the user's machine to communicate with the web server.

So,If you are using IIS then the above (fist) one is ok.other wise the value will be empty.
In case of PORT, if you use default port to install SSL Certificate,the above code(second) is good,other wise you have to know the port on which your site is working.

So,Which should you use,it tatally depends on you.Both of it will work in the same context.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37763194
This is my teaching example of how to get HTTPS only.  HTH, ~Ray
<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://us2.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

0
 
LVL 7

Expert Comment

by:designatedinitializer
ID: 37804357
Notice that Ray's solution won't work in IIS, which is the case in question ...
YES, in IIS, this:

$_SERVER['HTTPS']=='off'

...will return TRUE if the request was not for https.

NO, you must not rely on the port number.
This is a matter of efficacy, not efficiency, as both things you are trying to compare are exactly the same from an efficiency (memory, processing) point of view.
It's a matter of efficacy, because one method (port number) will fail more often than the other.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37807770
From the question, I did not get that this was IIS (and I would never use IIS anyway), but if it is a question for IIS, maybe someone can take my code which works correctly on *nix systems and show the Asker how it can be done in IIS.  @prowebinteractiveinc: You might save yourself some time if you run this script (shown here in its entirety) on both HTTP and HTTPS platforms and compare the output carefully.  The parts you want to see are likely to be near the bottom of the output.
<?php phpinfo();

Open in new window

Best to all, over-and-out, ~Ray
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question