Detect SSL when proxy *always* claims a secure connection

I want to detect whether or not a user is viewing a secure page and redirect if not (for logging in).

However, my site travels through a proxy before I see the server variables, and the proxy (right now) is telling me that $_SERVER['HTTPS'] is 'on' when the URI clearly indicates otherwise. It also shows 'on' when the user is navigating 'securely'.

Navigating through http:// and https:// both output that $_SERVER['SERVER_PORT'] = 443.

I don't have the ability to make any changes to the proxy so I want to know:

  • Does PHP have any other options for me to detect the truth or...
  • Am I stuck resorting to JavaScript's mechanisms for detection and redirection?

I mined this question for ideas but they mostly revolve around the $_SERVER['HTTPS'] variable being trustworthy. Bah!

It appears that this question is experiencing at least something similar, but s/he was able to resolve it by adapting an apache solution.

Are there any other PHP SERVER variables or tricks available to detect what the user's URI begins with? The only difference between the $_SERVER variables when my site is viewed http versus https are the following:

  • _FCGI_X_PIPE_ (appears random)
  • HTTP_COOKIE (sto-id-47873 is included in the non-secure version but I did not put it there)
  • REMOTE_ADDR (This and the next two keep changing inexplicably!)
  • REMOTE_HOST
  • REMOTE_PORT ('proxy people', why are you continually changing this?)

Are any of these items strong enough to put one's weight upon without it splintering and causing pain later? Perhaps I shouldn't trust anything as filtered through the proxy since it could change at any given time.

Here is my plan to use JavaScript for this purpose; is it the best I have?

// Runs once the page has loaded; if the page came in over plain http,
// rewrite the scheme and navigate to the https version.
function confirmSSL() {
    if (location.protocol != "https:") {
        var locale = location.href;
        // Only the leading "http://" is swapped; the rest of the URL is kept.
        locale = locale.replace(/http:\/\//, "https://");
        // location.replace() does not leave the http page in the history.
        location.replace(locale);
    }
}
<body onload="confirmSSL()">...

I think if the user has JavaScript disabled in my community, then they hopefully know what they are doing. They should be able to manually get themselves into a secure zone. What sort of <noscript> suggestions would be commonplace / good practice? Something like this, perhaps?:

<noscript>Navigate using https://blah.more.egg/fake to protect your information.</noscript>

PHP solutions that work (with good explanation) will be given preference for the correct answer. Feel free to submit a better JavaScript implementation or link to one.

Many thanks!

veeTrain asked Feb 07 '13 20:02
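The question asks for a PHP-side way to learn the client's original scheme when the proxy reports HTTPS=on for everything. The following is an added example, not code from the question or the answer, showing the pattern a practitioner would use: treat the web server's own HTTPS/SERVER_PORT values as authoritative only when no proxy is in front, and otherwise rely on a forwarded header, but only after checking that the direct peer really is the proxy, because any client can send X-Forwarded-Proto itself. Everything about the proxy here is assumed, not confirmed by the page: that it sets X-Forwarded-Proto, that it connects from the hypothetical range 10.0.0.0/8, and the canonical host name used for the redirect. With the proxy described in the question (no forwarded header at all) the function returns null, which means the server genuinely cannot tell and the client-side check remains the only option.

```php
<?php
// Added example, not code from the question or the answer. It decides the
// client's original scheme behind a reverse proxy without trusting
// $_SERVER['HTTPS'] on its own. Assumptions the page does not confirm:
// the proxy forwards the original scheme in an X-Forwarded-Proto header, and
// the proxy's source address range is known (here a hypothetical 10.0.0.0/8).
declare(strict_types=1);

/**
 * Returns 'https' or 'http' for the client's original request, or null when
 * nothing trustworthy says which it was (a proxy is in front but it sends no
 * usable forwarded header, which is the situation in the question).
 *
 * @param array    $server         the $_SERVER array, passed in for testability
 * @param string[] $trustedProxies IPv4 CIDR blocks the proxy connects from
 */
function requestScheme(array $server, array $trustedProxies): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    if (ipInAnyCidr($peer, $trustedProxies)) {
        // Honour X-Forwarded-Proto only when the direct peer is a known proxy:
        // any client can send "X-Forwarded-Proto: https" itself, so from an
        // untrusted peer the header is attacker-controlled.
        $proto = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
        // Chained proxies may append values ("https, http"); the first one
        // describes the client-facing hop.
        $proto = trim(explode(',', $proto)[0]);
        if ($proto === 'https' || $proto === 'http') {
            return $proto;
        }
        // The proxy in the question reports HTTPS=on and SERVER_PORT=443 for
        // every request, so behind a proxy those values carry no information.
        return null;
    }

    // No proxy in between: the web server's own view is authoritative.
    $https = strtolower($server['HTTPS'] ?? '');
    if ($https !== '' && $https !== 'off') {
        return 'https';
    }
    return (int)($server['SERVER_PORT'] ?? 0) === 443 ? 'https' : 'http';
}

/** IPv4 membership test for a list of CIDR blocks (a bare address means /32). */
function ipInAnyCidr(string $ip, array $cidrs): bool
{
    $ipLong = ip2long($ip);
    if ($ipLong === false) {
        return false;
    }
    foreach ($cidrs as $cidr) {
        [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
        $netLong = ip2long($net);
        $bits    = (int)$bits;
        if ($netLong === false || $bits < 0 || $bits > 32) {
            continue;
        }
        $mask = $bits === 0 ? 0 : (-1 << (32 - $bits));
        if (($ipLong & $mask) === ($netLong & $mask)) {
            return true;
        }
    }
    return false;
}

// Constructed sample $_SERVER arrays (not captured traffic).
$trustedProxies = ['10.0.0.0/8'];                       // hypothetical proxy range
$viaProxyPlain  = ['REMOTE_ADDR' => '10.1.2.3', 'HTTPS' => 'on',
                   'SERVER_PORT' => '443', 'HTTP_X_FORWARDED_PROTO' => 'http'];
$viaProxyNoInfo = ['REMOTE_ADDR' => '10.1.2.3', 'HTTPS' => 'on', 'SERVER_PORT' => '443'];
$spoofedHeader  = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'];

var_dump(requestScheme($viaProxyPlain, $trustedProxies));
var_dump(requestScheme($viaProxyNoInfo, $trustedProxies));
var_dump(requestScheme($spoofedHeader, $trustedProxies));

// Server-side redirect for the login page. Redirect only on a definite 'http';
// on null fall back to the client-side check, otherwise a proxy that hides the
// scheme would cause an endless redirect loop. The target host is a configured
// constant rather than $_SERVER['HTTP_HOST'], which the client controls.
const CANONICAL_HOST = 'blah.more.egg';                 // hypothetical, from the question's URL
if (PHP_SAPI !== 'cli' && requestScheme($_SERVER, $trustedProxies) === 'http') {
    header('Location: https://' . CANONICAL_HOST . ($_SERVER['REQUEST_URI'] ?? '/'), true, 302);
    exit;
}
```

Of the three constructed inputs, the first is a plain-http request that arrived through the trusted proxy, the second is the question's case (proxy present, no forwarded header, so the result is null), and the third is a direct client that forged the header, which is ignored because 203.0.113.9 is not inside the trusted range. The question notes that REMOTE_ADDR keeps changing; that is exactly why the trusted-proxy list must be a range covering every address the proxy can use, not a single IP.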



1 Answer

Although already partially discussed in the question's comments, I'll summarize some suggestions concerning the redirection logic in JavaScript:

  1. Generally, using window.location instead of location is advisable; an explanation can be found here.
  2. Regex seems like a bit of overkill for a simple replacement of the protocol.
  3. The redirection logic should be executed as soon as possible, because in the event of redirection, every additional document processing is unnecessary.
  4. Browsers with JavaScript disabled should at least show a notification prompting the user to switch to https.

I suggest using the following code (adapted from here), which is short and efficient:

<head>
    <script type="text/javascript">
        // Runs before the rest of the document is parsed: if the page was
        // loaded over plain http, replace only the scheme and navigate.
        if (window.location.protocol != "https:") {
            window.location.href = "https:" + window.location.href.substring(window.location.protocol.length);
        }
    </script>
    ...
</head>
<body>
    ...
    <noscript>Please click <a href="https://my-cool-secure-site.com">here</a> to use a secure connection!</noscript>
    ...
</body>
MCL answered Oct 08 '22 02:10