How to find out if you're using HTTPS without

2019-01-01 03:24发布

站内问答 / PHP
1008 24 5

I've seen many tutorials online that says you need to check $_SERVER['HTTPS'] if the server is connection is secured with HTTPS. My problem is that on some of the servers I use, $_SERVER['HTTPS'] is an undefined variable that results in an error. Is there another variable I can check that should always be defined?

Just to be clear, I am currently using this code to resolve if it is an HTTPS connection:

if(isset($_SERVER['HTTPS'])) {
    if ($_SERVER['HTTPS'] == "on") {
        $secure_connection = true;
    }
}

标签: php https
举报
24条回答
忆尘夕之涩
2楼-- · 2019-01-01 03:48

just for interest, chrome canary at the moment sends 

HTTPS : 1

to the server, and depending on how the server is configured can mean that you get back the following

HTTPS : 1, on

This broke our application because we were testing if on, which it obviously isn't. At the moment, only chrome canary seems to do this, but its worth noting that things from canary generally land in "normal" chrome a short while later.

查看更多
0人赞 添加讨论(0) 举报
梦醉为红颜
3楼-- · 2019-01-01 03:50

If your are using Apache you may always count on

$_SERVER["REQUEST_SCHEME"]

to verify the scheme of the URL requested. But, as mentioned in other answers, it is prudent to verify other parameters before assuming SSL is really being used.

查看更多
0人赞 添加讨论(0) 举报
大哥的爱人
4楼-- · 2019-01-01 03:52

What do you think of this?

if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
    $scheme = 'https';
else
    $scheme = 'http';
查看更多
0人赞 添加讨论(0) 举报
素衣白纱
5楼-- · 2019-01-01 03:53

I don't think that adding a port is good idea - specially when you got many servers with different builds. that just adds one more thing to remember to change. looking at doc's I think the last line of kaisers is quite good, so that:

if(!empty($_SERVER["HTTPS"]))
  if($_SERVER["HTTPS"]!=="off")
    return 1; //https
  else
    return 0; //http
else
  return 0; //http

seems like perfectly enough.

查看更多
0人赞 添加讨论(0) 举报
高级女魔头
6楼-- · 2019-01-01 03:53

I find these params acceptable as well and more then likely don't have false positives when switching web servers.

  1. $_SERVER['HTTPS_KEYSIZE']
  2. $_SERVER['HTTPS_SECRETKEYSIZE']
  3. $_SERVER['HTTPS_SERVER_ISSUER']

  4. $_SERVER['HTTPS_SERVER_SUBJECT']

    if($_SERVER['HTTPS_KEYSIZE'] != NULL){/*do foobar*/}
查看更多
0人赞 添加讨论(0) 举报
人间绝色
7楼-- · 2019-01-01 03:55 
$secure_connection = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || (!empty($_SERVER['HTTP_HTTPS']) && $_SERVER['HTTP_HTTPS'] != 'off') || $_SERVER['REQUEST_SCHEME'] == 'https' || $_SERVER['SERVER_PORT'] == 443) ? true : false;

Code is checking anything possible and works also on IIS web server. Chrome since v44 do not set header HTTP: 1 so checking HTTP_HTTPS is OK. If this code does not match https it means your webserver or proxy server is poorly configured. Apache itself sets HTTPS flag correctly but there can be problem when you use proxy (e.g. nginx). You must set some header in nginx https virtual host

proxy_set_header   X-HTTPS 1;

and use some Apache module to set HTTPS flag correctly by looking for X-HTTPS from proxy. Search for mod_fakessl, mod_rpaf, etc.

查看更多
0人赞 添加讨论(0) 举报
1 2 3 4 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)