someguy321 Posted September 21, 2010 Share Posted September 21, 2010 I want to make sure that a specific page (login.php) only has stuff from my https and none from my (or other) http sites. How can I do this? Quote Link to comment Share on other sites More sharing options...
billckr Posted September 22, 2010 Share Posted September 22, 2010 You don't want to be doing this with PHP. This is a good for Apache or mod_rewrite or what ever web-server software you are using. You could use something like; RewriteEngine On RewriteCond %{SERVER_PORT} !443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] if you really want to use php perhaps something like; if($_SERVER['SERVER_PORT'] != '443') { //Force SSL upon this page header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); } However, neither of these solutions will ensure that any item on the page it called via SSL. The only way to ensure that is to include it via SSL in the code and using SSL via the web browser. Any item like an image called from say; <img src="http://mydomain.com/images/myimage.jpg" /> Will be insecure because it wasn't called via https, but http, and the users browser will allow access to the page but give them a choice to not load that image. hope this helps. Perhaps others have better solutions.. Bill. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.