How can I force users to access my page over HTTPS instead of HTTP?


Question

I've got just one page that I want to force to be accessed as an HTTPS page (PHP on Apache). How do I do this without making the whole directory require HTTPS? Or, if you submit a form to an HTTPS page from an HTTP page, does it send it by HTTPS instead of HTTP?

Here is my example:

http://www.example.com/some-page.php

I want it to only be accessed through:

https://www.example.com/some-page.php

Sure, I can put all of the links to this page pointed at the HTTPS version, but that doesn't stop some fool from accessing it through HTTP on purpose...

One thing I thought was putting a redirect in the header of the PHP file to check to be sure that they are accessing the HTTPS version:

if($_SERVER["SCRIPT_URI"] == "http://www.example.com/some-page.php"){
  header('Location: https://www.example.com/some-page.php');
}

But that can't be the right way, can it?

BTW, please pay no attention to the URL. I know that if it were actually a page where there was a shopping cart, etc., you would do it a different way. Think of it as a page from a site that sells one item for one price where you type in your credit card info to be submitted to a payment gateway on an external site for the express purpose of charging your card one time.

1
130
4/6/2017 10:14:06 AM

The way I've done it before is basically like what you wrote, but doesn't have any hardcoded values:

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}
168
6/21/2011 4:34:31 PM

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon