I have made a sweet api but I want to only accept requests to ssl version so if users submit their $_REQUEST to http://example.com then I would like to detect that and show them a warning.
Asked
Active
Viewed 503 times
1
-
Possible duplicate of [PHP Get Site URL Protocol - http vs https](http://stackoverflow.com/questions/4503135/php-get-site-url-protocol-http-vs-https) – CherryDT May 09 '16 at 17:05
-
Is there any reason that PHP needs to know that https was not used other than displaying the error? Would it be possible to use an [.htaccess redirect](http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file) instead? – MonkeyZeus May 09 '16 at 17:08
-
Not really becasue once they have made the insecure request its game over already so I want to block them after the first request and say "hey guy, you can only query this api with ssl otherwise you are going to leak data across the internet which is not going to do anyone any favours". – Craig Edmonds May 09 '16 at 19:14
1 Answers
1
If you're using apache with mod_ssl, check the directive called SSLRequireSSL And for nginx should be something similar here. This is used to allow/deny access to your files/scripts depending on the port which the request comes from.
Polak
- 656
- 13
- 22