[ic] Detecting a secure page
jt-lists at sirius.airdelights.com
Mon Jun 12 13:21:46 EDT 2006
Kevin Walsh wrote:
>> Here's some version info:
> It would be interesting to see what environment variables you do get
> from [env] and which of the above packages causes the HTTPS variable
> to not get set in the environment for secure pages. A package and
> version comparison with others who have the same problem will help
Well, I'm running:
I use mod_rewrite to fix urls and prevent access to sensitive pages via
http. Ie, a different set of rewrites for the SSL VirtualHost.
[env SERVER_PORT] - works correctly
[if session shost] - works correctly
$CGI::secure appears to be undefined.
Looking at the apache2 mod_ssl docs, the environment variable has been
changed from 'SSL' to 'HTTPS'. There are others, but it seems that HTTPS
is the one to test.
mod_ssl offers compatibility environment variables, but it doesn't seem
that 'SSL' is one of them:
|Waiting to fix the world since 1995|
"Progress isn't made by early risers. It's made by lazy men trying to
find easier ways to do something."
- Robert Heinlein
More information about the interchange-users