I have made a sweet api but I want to only accept requests to ssl version so if users submit their $_REQUEST to http://example.com then I would like to detect that and show them a warning.
3
-
Possible duplicate of PHP Get Site URL Protocol - http vs httpsCherryDT– CherryDT2016-05-09 17:05:00 +00:00Commented May 9, 2016 at 17:05
-
Is there any reason that PHP needs to know that https was not used other than displaying the error? Would it be possible to use an .htaccess redirect instead?MonkeyZeus– MonkeyZeus2016-05-09 17:08:14 +00:00Commented May 9, 2016 at 17:08
-
Not really becasue once they have made the insecure request its game over already so I want to block them after the first request and say "hey guy, you can only query this api with ssl otherwise you are going to leak data across the internet which is not going to do anyone any favours".Craig Edmonds– Craig Edmonds2016-05-09 19:14:40 +00:00Commented May 9, 2016 at 19:14
Add a comment
|
1 Answer
If you're using apache with mod_ssl, check the directive called SSLRequireSSL And for nginx should be something similar here. This is used to allow/deny access to your files/scripts depending on the port which the request comes from.
