-1

Hello i have my site hosted on Hostinger and i enabled it to force HTTPS, so when people writes http://example.com it goes to https://example.com. I have an API that handles a POST from my program. I already have my api handling requests but i don't know how to "filter" HTTPS. Right now any request (http or https) are accepted by my API, but i want it to ignore or block HTTP request, and only answer to HTTPS.

@edit: Used suggestions on comments and came with the following: RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

When i do an HTTPS request it works, but when i do an HTTP request, it makes the request but when i echo the variables sent on the body, they are empty.

Lemon
  • 25
  • 5
  • using .htaccess – Kelvin Jan 11 '19 at 04:40
  • RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] – Kelvin Jan 11 '19 at 04:41
  • Hello, i already have the following: RewriteEngine on RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^example.com$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} should i replace that with what you wrote? – Lemon Jan 11 '19 at 04:47
  • Add this at the begin of your API file `if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') return;` this will reject requests made over HTTP! – mahdi azarm Jan 11 '19 at 04:56

3 Answers3

1

in .htaccess

  <IfModule mod_rewrite.c>
       RewriteEngine On
        # Redirection to HTTPS
            RewriteCond %{SERVER_PORT} 80
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        .................
   </IfModule>
Nirina-aj
  • 192
  • 1
  • 3
  • 18
  • Thank you, this worked. I encountered a problem that i will update on the main question. – Lemon Jan 11 '19 at 05:28
0

This should reject HTTP requests with a 403

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ - [F]
user2182349
  • 9,569
  • 3
  • 29
  • 41
0

Since you tag php, you can also use $_SERVER['HTTPS']:

if(!isset($_SERVER['HTTPS'])) {
    header('HTTP/1.0 403 Forbidden');
    die 'You are not allowed to use http';
}
Michael Chourdakis
  • 10,345
  • 3
  • 42
  • 78