Cannot detect $_SERVER['HTTPS'] even though SSL is enabled

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
vox php
Forum Newbie
Posts: 3
Joined: Mon Mar 15, 2004 10:38 pm

Cannot detect $_SERVER['HTTPS'] even though SSL is enabled

Post by vox php »

Hi everybody -

[System Specs]
PHP Version 4.1.2
Server API = CGI
OpenSSL Version = 0.9.6b
Apache 2.0.44 (Unix) - Linux server
SSL is enabled and working on the server

Display Errors: On
Error Level: Not E_ALL
Register Globals: On (should be and will be turned off soon, heh)
There have been no changes to the server specs other than a 'storage space' upgrade.

I've searched the web, Phuse, checked various php manuals/books, searched various forums, but I can't find a clue as to what's
wrong with the following code. I'm relatively new to php and I don't know anyone else who codes so you folks are my last resort :)

I've placed this code (and many variants) in a .php page on my server and it always returns a 'false', even though SSL is enabled and working on the server. If I type "https://...mytestpageaddress..." into the address bar of the browser (I've tried 4 different browsers just to see if my browser config was wonky) the https page loads fine except I get the "Must be a secure connection" line. This code has always returned a "Hello" when the page request came in from https, but for some reason it now does not. All I need to do is detect if https is on; really I'm just curious as to what I'm doing wrong...

Code: Select all

<?php

if ($_SERVER['HTTPS'] !== 'on') {
	die("Must be a secure connection.");
}

echo 'HELLO!';
exit;

?>
I've also tried this variant:

Code: Select all

<?php

if ('on' == $_SERVER['HTTPS']) {
	print "SSL enabled.";
} else {
     print "Must be a secure connection.";
}
?>
...etc., etc. This should be an easy answer, but I can't understand why the code would suddenly return a 'false'.

Thanks in advance for the help!

Vox
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

try this script:

Code: Select all

echo "<pre>";
var_dump($_SERVER);
echo "</pre>";
to see which server vars are set.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

or use the port number - 443 is https, 80 is http
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
vox php
Forum Newbie
Posts: 3
Joined: Mon Mar 15, 2004 10:38 pm

Post by vox php »

Thanks for the quick responses :)

Weirdan: var_dump() doesn't show anything out of the ordinary, and it doesn't mention https. I checked it through an http request and then an https request. I don't think ['HTTPS'] would show as 'set' in the $_SERVER array in the var_dump, would it? Pardon my newbness here :O

pickle: I'll look in to checking the port #. Not sure how, but I'll figure it out :)

What I would like to do is to have a piece of code in the top of a page that checks to see if the request came in through https. If so, proceed. If not, die. The aforementioned code worked fine for months. I just can't figure out why it does not work all of a sudden. :(
vox php
Forum Newbie
Posts: 3
Joined: Mon Mar 15, 2004 10:38 pm

Post by vox php »

Anybody have any other ideas about this? I don't have access to php.ini or the server config files, so I'm pretty much out of ideas. I just don't understand what could be preventing the above code from detecting whether SSL is on. If the $_SERVER['HTTPS'] variable is not set, how would one detect if the page request came in through ssl (port only shows as 80 - does this mean it's proxied?)? And why *wouldn't* it be set in the first place? <sigh>

I sure could use the help!


vox
Post Reply