PHP: Force https://

KMatle

Expert
Licensed User
Longtime User
If you use php as the backend of your app, this is how you ensure your script is used via https:// only

B4X: 
if($_SERVER["HTTPS"] != "on")
    {
        header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
        exit();
    }

It just calls your own script with all given parameters and https:// and closes the actual one.
Just add this snippet to the top of you php script.
 
S

sorex

Expert
Licensed User
Longtime User
the problem is that your data is already sent over without encryption.

you can remove port 80 as listening port in apache then you're sure nobody can connect to it without https first.
 

KMatle

Expert
Licensed User
Longtime User
You must log in or register to reply here.
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…