How to find out if you're using HTTPS without

2019-01-01 03:24发布

站内问答 / PHP
1011 24 5

I've seen many tutorials online that says you need to check $_SERVER['HTTPS'] if the server is connection is secured with HTTPS. My problem is that on some of the servers I use, $_SERVER['HTTPS'] is an undefined variable that results in an error. Is there another variable I can check that should always be defined?

Just to be clear, I am currently using this code to resolve if it is an HTTPS connection:

if(isset($_SERVER['HTTPS'])) {
    if ($_SERVER['HTTPS'] == "on") {
        $secure_connection = true;
    }
}

标签: php https
举报
24条回答
残风、尘缘若梦
2楼-- · 2019-01-01 04:09

I have just had an issue where I was running the server using Apache mod_ssl, yet a phpinfo() and a var_dump( $_SERVER ) showed that PHP still thinks I'm on port 80.

Here is my workaround for anyone with the same issue....

<VirtualHost *:443>
  SetEnv HTTPS on
  DocumentRoot /var/www/vhost/scratch/content
  ServerName scratch.example.com
</VirtualHost>

The line worth noting is the SetEnv line. With this in place and after a restart, you should have the HTTPS environment variable you always dreamt of

查看更多
0人赞 添加讨论(0) 举报
余生请多指教
3楼-- · 2019-01-01 04:10

If You use nginx as loadbalancing system check $_SERVER['HTTP_HTTPS'] == 1 other checks will be fail for ssl.

查看更多
0人赞 添加讨论(0) 举报
余欢
4楼-- · 2019-01-01 04:11

On my server (Ubuntu 14.10, Apache 2.4, php 5.5) variable $_SERVER['HTTPS'] is not set when php script is loaded via https. I don't know what is wrong. But following lines in .htaccess file fix this problem:

RewriteEngine on

RewriteCond %{HTTPS} =on [NC] 
RewriteRule .* - [E=HTTPS:on,NE]
查看更多
0人赞 添加讨论(0) 举报
浮光初槿花落
5楼-- · 2019-01-01 04:12

This should always work even when $_SERVER['HTTPS'] is undefined:

function isSecure() {
  return
    (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || $_SERVER['SERVER_PORT'] == 443;
}

The code is compatible with IIS.

From the PHP.net documentation and user comments :

1) Set to a non-empty value if the script was queried through the HTTPS protocol.

2) Note that when using ISAPI with IIS, the value will be "off" if the request was not made through the HTTPS protocol. (Same behaviour has been reported for IIS7 running PHP as a Fast-CGI application).

Also, Apache 1.x servers (and broken installations) might not have $_SERVER['HTTPS'] defined even if connecting securely. Although not guaranteed, connections on port 443 are, by convention, likely using secure sockets, hence the additional port check.

查看更多
0人赞 添加讨论(0) 举报
十年一品温如言
6楼-- · 2019-01-01 04:12

Making my own function from reading all previous posts:

public static function isHttps()
{
    if (array_key_exists("HTTPS", $_SERVER) && 'on' === $_SERVER["HTTPS"]) {
        return true;
    }
    if (array_key_exists("SERVER_PORT", $_SERVER) && 443 === (int)$_SERVER["SERVER_PORT"]) {
        return true;
    }
    if (array_key_exists("HTTP_X_FORWARDED_SSL", $_SERVER) && 'on' === $_SERVER["HTTP_X_FORWARDED_SSL"]) {
        return true;
    }
    if (array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER) && 'https' === $_SERVER["HTTP_X_FORWARDED_PROTO"]) {
        return true;
    }
    return false;
}
查看更多
0人赞 添加讨论(0) 举报
公子世无双
7楼-- · 2019-01-01 04:13

If you are using Incapsula's load balancer you'll need to use an IRule to generate a custom header for your server. I created an HTTP_X_FORWARDED_PROTO header that is equal to either "http" if the port is set to 80 and "https" if it is equal to 443.

查看更多
0人赞 添加讨论(0) 举报
上一页 1 2 3 4
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)