dsghpgmay31938863 2017-01-04 09:42
浏览 292
已采纳

使用PHP检查SSL [关闭]

I need to force my web application to only work over HTTPS, now ordinarily I would check for the existence of the $_SERVER['HTTPS'] value however due to the fact that I use AWS Certificate Manager for issuing and managing my SSL certificate and the application is behind an AWS Load Balancer which terminates the SSL at the LB and sends it on internally using normal HTTP the server is not populating that value.

What I am looking for is a way to detect if the connection is being made over HTTP or HTTPS taking into account the fact that the SSL certificate is on the load balancer and terminates there.

  • 写回答

1条回答 默认 最新

  • drxm5014 2017-01-04 09:57
    关注

    You may check the X-Forwarded-Proto header.

    https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

    a de facto standard for identifying the originating protocol of an HTTP request, since a reverse proxy (or a load balancer) may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. An alternative form of the header (X-ProxyUser-Ip) is used by Google clients talking to Google servers.

    X-Forwarded-Proto: https

    With PHP you can check this with:

    apache_response_headers();

    http://php.net/manual/de/function.apache-response-headers.php

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 sub地址DHCP问题
  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程
  • ¥15 redis-full-check比较 两个集群的数据出错
  • ¥15 Matlab编程问题
  • ¥15 训练的多模态特征融合模型准确度很低怎么办
  • ¥15 kylin启动报错log4j类冲突
  • ¥15 超声波模块测距控制点灯,灯的闪烁很不稳定,经过调试发现测的距离偏大