Detecting SSL

jeofoyster

I don't know if there is a PHP solution to this or not, if you know of another place I should look, let me know.
I've seen this before but don't know how to do it: Is there a way to detect if the user is connecting to a webpage via SSL (https://), and if not, send an error message informing them of the need to connect via SSL?

Thanks!
Jeof

Anon

The best solution that I've found is to set up your webserver to have all SSL connection go to a different root directory. This way you can keep all of your encrypted information in one place and keep the users from making a mistake and accessing sensitive information in an unsecured browser. Then you can create stub files in your non encrypted directory for all of the encrypted files that just re-directs the users browser to the proper place.

Or if you don't want to do that you can check the $HTTP_SERVER_VARS["SERVER_PORT"] and see if it = 80, and if so re-direct the browser to the secure link.

hawleyj

I agree with Rob, but I think what you are talking about is customized error pages. I use them at work especially for 128-bit encryption requirements.

The server has a default error page set somewhere, and to do this you'll need access to it. We set ours up so if the client has Javascript enabled, we do a redirect and pop a small window telling them they are being redirected and why. If Javascript is not enabled, they get a customized error page explaining the situation and gives them a link to the https equivalent of the page they requested, which is derived dynamically.

The key, though, is having access to your error pages.

HTH,

Jim Hawley