Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

detecting protocal and redirecting to https

Posted on 2012-03-25
6
Medium Priority
?
166 Views
Last Modified: 2012-04-05
I know of two methods to verify the protocal, Im just wondering which one is more efficient

if ($_SERVER["HTTPS"] == "off")
// DO THIS

if($_SERVER["SERVER_PORT"] != "443")
// DO THIS

Thanks
0
Comment
Question by:prowebinteractiveinc
6 Comments
 
LVL 2

Accepted Solution

by:
prerakg earned 2000 total points
ID: 37763048
Efficient in which manner? These are simply if statements. Both look good to me depending on the case.
0
 
LVL 8

Expert Comment

by:fundacionrts
ID: 37763049
If you use

if($_SERVER["SERVER_PORT"] != "443")

you always must have your https webs under 443 tcp port and this is not always true. Sometimes, tcp ports like 8443 are used to https.

You can use $_SERVER["SERVER_PROTOCOL"] and search inside for http or https
0
 
LVL 7

Expert Comment

by:Lalit Chandra
ID: 37763179
According to the Standards:

'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_PORT'
The port being used on the user's machine to communicate with the web server.

So,If you are using IIS then the above (fist) one is ok.other wise the value will be empty.
In case of PORT, if you use default port to install SSL Certificate,the above code(second) is good,other wise you have to know the port on which your site is working.

So,Which should you use,it tatally depends on you.Both of it will work in the same context.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37763194
This is my teaching example of how to get HTTPS only.  HTH, ~Ray
<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://us2.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

0
 
LVL 7

Expert Comment

by:designatedinitializer
ID: 37804357
Notice that Ray's solution won't work in IIS, which is the case in question ...
YES, in IIS, this:

$_SERVER['HTTPS']=='off'

...will return TRUE if the request was not for https.

NO, you must not rely on the port number.
This is a matter of efficacy, not efficiency, as both things you are trying to compare are exactly the same from an efficiency (memory, processing) point of view.
It's a matter of efficacy, because one method (port number) will fail more often than the other.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37807770
From the question, I did not get that this was IIS (and I would never use IIS anyway), but if it is a question for IIS, maybe someone can take my code which works correctly on *nix systems and show the Asker how it can be done in IIS.  @prowebinteractiveinc: You might save yourself some time if you run this script (shown here in its entirety) on both HTTP and HTTPS platforms and compare the output carefully.  The parts you want to see are likely to be near the bottom of the output.
<?php phpinfo();

Open in new window

Best to all, over-and-out, ~Ray
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question