[ic] Detecting a secure page

JT Justman jt-lists at sirius.airdelights.com
Mon Jun 12 13:21:46 EDT 2006

Kevin Walsh wrote:
>> Here's some version info:
>> apache-2.0.55-r1
>> mod_perl-2.0.2
>> interchange-5.2.0
>> Interchange::Link-1.9
> It would be interesting to see what environment variables you do get
> from [env] and which of the above packages causes the HTTPS variable
> to not get set in the environment for secure pages.  A package and
> version comparison with others who have the same problem will help
> here.

Well, I'm running:


I use mod_rewrite to fix urls and prevent access to sensitive pages via
http. Ie, a different set of rewrites for the SSL VirtualHost.

[env SERVER_PORT] - works correctly
[if session shost] - works correctly
$CGI::secure appears to be undefined.

Looking at the apache2 mod_ssl docs, the environment variable has been
changed from 'SSL' to 'HTTPS'. There are others, but it seems that HTTPS
is the one to test.


mod_ssl offers compatibility environment variables, but it doesn't seem
that 'SSL' is one of them:



	|Waiting to fix the world since 1995|
"Progress isn't made by early risers. It's made by lazy men trying to
find easier ways to do something."
	- Robert Heinlein

More information about the interchange-users mailing list