[ic] Detecting a secure page

Grant emailgrant at gmail.com
Sun Jun 11 13:28:41 EDT 2006 

> > I don't know why but none of the
> > following work for me to detect a secure page:
> >
> > [is-secure]
> > [env SERVER_PORT]
> > [if session shost]
> >
> It would be interesting to know which setups prevent the global
> $CGI::secure from being set.  That variable is used by various parts
> of the Interchange core which would not function as designed/expected
> if the $CGI::secure variable is not set correctly.
>
> By the way, $CGI::secure is set from the value of the "HTTPS" environment
> variable (HTTP request environment - not the shell environment).
>
> You should be able to see the HTTPS variable if you put [env] on a test
> page and call it using a https URI.  You should also be able to see 1
> or 0 returned from my [is-secure] tag, if it's all working as expected.

[env HTTPS] returns nothing via http or https.

> Perhaps there's a "problem" with later Apache versions.  Has the name
> of the "HTTPS" environment variable changed recently?  I hope not, but
> we can deal with it easily enough if it has.  I always use Apache 1.3
> and mod_interchange, and it all still works for me.  Some version
> numbers and link program types would be useful from posters to this
> thread.

Here's some version info:

apache-2.0.55-r1
mod_perl-2.0.2
interchange-5.2.0
Interchange::Link-1.9

Over a year ago Mike pinpointed what was preventing me from executing
CGI scripts such as that required by AWStats.  I've taken a year off
from my business and the details have faded, but I believe it was
because of the nature of this block for Interchange::Link in
httpd.conf:

<Location />
SetHandler perl-script
PerlResponseHandler Interchange::Link
PerlOptions +GlobalRequest
PerlSetVar InterchangeServer /usr/local/interchange/etc/socket
PerlSetVar DropRequestList "/interchange-5 /favicon.ico /robots.txt
/_vti_bin/owssvr.dll /MSOffice/cltreq.asp"
PerlSetVar OrdinaryFileList "/catalog/images/"
</Location>

The solution had to do with setting up VirtualHost blocks inside
httpd.conf but I opted to ditch AWStats instead and I currently have
no VirtualHost blocks there at all.  Could this have to do with my
inability to detect https?

- Grant

More information about the interchange-users mailing list