How to execute php page with ssl rules

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
shafiq2626
Forum Commoner
Posts: 88
Joined: Wed Mar 04, 2009 1:54 am
Location: Lahore
Contact:

How to execute php page with ssl rules

Post by shafiq2626 »

Hello to every one
i purchased ssl for my website. now i want to run specifice php page with https links.
Or that page only must be execute with https://abc.com/somepage.php.
As other page execute like http://abc.com/othepage.php.
please help me to solve this problem.
thanks
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: How to execute php page with ssl rules

Post by kaisellgren »

Either use .htaccess, or PHP code similar to this:

Code: Select all

function isHttps()
{
 if (strtolower($_SERVER["HTTPS"]) == "on") // IIS
  return true;
 elseif ($_SERVER["HTTPS"] == 1) // Most web servers
  return true;
 elseif ($_SERVER['SERVER_PORT'] == 443) // Others
  return true;
 else
  return false;
}
If it's not HTTPS, then redirect.
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: How to execute php page with ssl rules

Post by flying_circus »

kaisellgren wrote:

Code: Select all

function isHttps()
{
 if (strtolower($_SERVER["HTTPS"]) == "on") // IIS
  return true;
 elseif ($_SERVER["HTTPS"] == 1) // Most web servers
  return true;
 elseif ($_SERVER['SERVER_PORT'] == 443) // Others
  return true;
 else
  return false;
}

Hey Kai,

I've been thinking about this piece of code for a bit. Is there a reason you dont just test for the server port in the first place?

Code: Select all

$_SERVER['SERVER_PORT'] == 443
Why bother checking for $_SERVER['HTTPS'] = on || 1?

I have an idea of why you would do that, but I'd rather hear your rationale.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: How to execute php page with ssl rules

Post by kaisellgren »

Because the port might be different. It's unlikely to happen and it would require the client to know the port, but it's still possible.
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: How to execute php page with ssl rules

Post by flying_circus »

kaisellgren wrote:Because the port might be different. It's unlikely to happen and it would require the client to know the port, but it's still possible.
That's what I figured. Would I be wrong to think that if the https port was OTHER than 443, then your script would return a false positive on "Others" web servers? The client wouldn't necessarily have to know the port if he followed a link.

I agree, it's not practical, but maybe possible.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: How to execute php page with ssl rules

Post by kaisellgren »

flying_circus wrote: if the https port was OTHER than 443, then your script would return a false positive on "Others" web servers?
It would give a false positive. That's why web servers not giving any details about the protocol are not considered safe in today's standards.
shafiq2626
Forum Commoner
Posts: 88
Joined: Wed Mar 04, 2009 1:54 am
Location: Lahore
Contact:

Re: How to execute php page with ssl rules

Post by shafiq2626 »

Hi!
Thanks a lot
kaisellgren wrote:Either use .htaccess, or PHP code similar to this:

Code: Select all

function isHttps()
{
 if (strtolower($_SERVER["HTTPS"]) == "on") // IIS
  return true;
 elseif ($_SERVER["HTTPS"] == 1) // Most web servers
  return true;
 elseif ($_SERVER['SERVER_PORT'] == 443) // Others
  return true;
 else
  return false;
}
If it's not HTTPS, then redirect.
Post Reply