3

I am having a problem with $_SERVER['HTTPS'] being empty when I am actually accessing a page over https.

According to the docs for $_SERVER, this should be non-empty when accessing a page over HTTPS.

Accoding the docs for mod_ssl

This module provides a lot of SSL information as additional environment variables to the SSI and CGI namespace.

Does this mean that I need to explicitly

SetEnv HTTPS on

in Apache if PHP is running as mod_php to get $_SERVER['HTTPS'] set?

I am trying to figure out if something is wrong in my system or if I am seeing normal behavior.

Improve this question

3 Answers 3

Reset to default
4

to properly use SetEnv in your .htaccess you need the mod_env module, like:

<IfModule mod_env.c>
   SetEnv HTTPS on
</IfModule>

otherwise, the $_SERVER["HTTPS"] will be empty..

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I tried this, but now $_SERVER["HTTPS"] is coming as "on" even if I am not using HTTPS.
1

I believe that SetEnv will not work with PHP module; are you using mod_userdir by any chance? This may have an impact.

Alternatively, you could use this kind of detection:

if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'
    || $_SERVER['SERVER_PORT'] == 443) {

    $secure_connection = true;
}

Btw, this might also happen if you site is load balanced and the balancer runs on regular HTTP connections internally.

Update

I'm not sure whether mod_userdir always has this effect, even if it's not in use.

As for the example, instead of assigning a value to $secure_connection you could (make sure no one is looking) write it into $_SERVER['HTTPS'] itself :)

Improve this answer

2 Comments

No load balancer. mod_userdir is compiled in, but not in use. The SetEnv works; I am mainly trying to figure out if this is normal behavior or if I have an actual problem. Unfortunately, your example doesn't work for me as there is 3rd-party code that is checking $_SERVER['HTTPS']
@MPD can't say much about how mod_userdir exactly affects it, but fwiw i've added a way to still use the example code I posted :)
0

Are you using Apache 2.x or 1.x? I found a comment on the PHP docs for $_SERVER which says that it will not be set with Apache 1.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.