Jump to content

How enforce that everything on a page has to be from https?


someguy321

Recommended Posts

You don't want to be doing this with PHP. This is a good for Apache or mod_rewrite or what ever web-server software you are using.  You could use something like;

 

RewriteEngine On

RewriteCond %{SERVER_PORT} !443$

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

 

if you really want to use php perhaps something like;

 

if($_SERVER['SERVER_PORT'] != '443') {
    //Force SSL upon this page
    header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
}

 

However, neither of these solutions will ensure that any item on the page it called via SSL. The only way to ensure that is to include it via SSL in the code and using SSL via the web browser. Any item like an image called from say;

 

<img src="http://mydomain.com/images/myimage.jpg"  />

 

Will be insecure because it wasn't called via https, but http, and the users browser will allow access to the page but give them a choice to not load that image. hope this helps. Perhaps others have better solutions..

 

Bill.

 

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.