On Fri, 9 Feb 2001, Daniel Tryba wrote:
>On Thu, Feb 01, 2001 at 04:29:09PM -0800, Michael Conley wrote:
>> I have several PHP files that I only want users to be able to access via
>> HTTPS. How can I control that on an Apache 1.3.14 server running on RedHat
>> 7? I have openssl and mod_ssl working fine. Currently, I can access all of
>> the files on my site via either http or https. I want to keep certain files
>> (with interesting information) from being accessed via http. I realize this
>> isn't really a PHP question, but I have no idea how to do this.
>
>You could check on which port the request was made for the php file.
>https is usually port 443
>
>if ($SERVER_PORT!=443)
> header("Location: https://server/$PHP_SELF");
While that will usually (99.9% of the time) work, this is closer to 100%:
if(preg_match("!/^https/i", REQUEST_URL)) {
...
}
But the other answer about seperating the server root of the SSL server and
standard server is really, truely, a 100%-of-the-time solution since the files
cannot be accessed any other way, and it doesn't require every page to be
parsed by PHP, so you can isolate PDF, plain text, and graphic files as well
as HTML.
--
____________________________________________________________________________
Adam Knight <[EMAIL PROTECTED]>
AIM: AdamKnight ICQ: 3848971
______________________________Codito, ergo sum______________________________
I'm not expendable, I'm not stupid, and I'm not going.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
