re-direct SSL pages using header statement based on port

Question

I found this in the header.php file of a e-commerce site. Is this better done in a .htaccess file.

Also what would happen to any post parameters that get caught in the header statement.

// flip between secure and non-secure pages
$uri = $_SERVER['REQUEST_URI'];

// move to secure SSL pages if required
if (substr($uri,1,12) == "registration") 
{
    if($_SERVER['SERVER_PORT'] != 443) {   
       header("HTTP/1.1 301 Moved Permanently");
       header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
       exit();
    }
}
// otherwise us regular non-SSL pages
else
{
     if($_SERVER['SERVER_PORT'] == 443) {   
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();   
    }
}

score 0 · Answer 1 · answered Sep 01 '10 at 14:38

Yes, this could be done in the .htaccess file using mod_rewrite for instance. But why bother ? The application writer probably did not want to assume a specific web server or increase the complexity of the server configuration, and so handled it at the application level.

I believe the POST parameters would be lost in translation, but one must assume that's something the application writer took into consideration.

re-direct SSL pages using header statement based on port

1 Answers1