in apache, well, i'm not much of a MOD_REWRITE guy...
in PHP, it's rather simple (at least for me... lol).
http://us3.php.net/manual/en/reserved.v ... les.server
danvasile at pentest dot ro
21-Mar-2007 02:22
If you have problems with $_SERVER['HTTPS'], especially if it returns no values at all you should check the results of phpinfo(). It might not be listed at all.
Here is a solution to check and change, if necessary, to ssl/https that will work in all cases:
- Code: Select all
<?php
if ($_SERVER['SERVER_PORT']!=443) {
$sslport=443; //whatever your ssl port is
$url = "https://". $_SERVER['SERVER_NAME'] . ":" . $sslport . $_SERVER['REQUEST_URI'];
header("Location: $url");
}
?>
Of course, this should be done before any html tag or php echo/print.
now remember, for me, all i ever wanna SSL/HTTPS are pages that must be encrypted.
take gmail as an example, only time they HTTPS is when you are at the login screen. all other screens are just regular HTTP'ed.
all of the HTTPS'ing places additional load on the server due to the encryption and decryption process...