Force https

**charlesh** · 11-12-2008

If you're running ssl and don't want a user to get to a page unsecured, i've created this function to force https based on URI. If you put it in an include file and then run the function at the top of your script, it will redirect back to the page with https invoked.

For those pages that don't require https, to minimize server load, i've created the oppposite function. Let me know how it works out if you use it:

PHP Code:

 function forcehttps(){
  if (!isset($_SERVER['HTTPS']))
 
  {
   $ref = $_SERVER['REQUEST_URI'];
   header("Location:https://wwww.yoursite.com".$ref);
   exit;
 
  }
}
function killhttps(){
  if (isset($_SERVER['HTTPS']))
 
  {
   $ref = $_SERVER['REQUEST_URI'];
   header("Location:http://wwww.yoursite.com".$ref);
   exit;
 
  }
}

**sergey** · 11-12-2008

Thanks for sharing it with us Charles. You can also redirect non-secure urls to secure links by adding one of the following directives to .htaccess file:

Code:

 RewriteEngine On
RewriteCond &#37;{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

or

Code:

 RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Thread: Force https

LinkBack

Thread Tools

Search Thread

Display

Force https

Similar Threads

[How To] Redirect from HTTP to HTTPS using mod_rewrite

Posting Permissions