On 3/22/08, Isaak Malik <[EMAIL PROTECTED]> wrote: > Actually this has nothing to do with hacking, using PHP to redirect to SSL > URLs is a very good way to do it. > > If you want to force SSL for a few pages only PHP is the best way to do it > as the code can be modified easily, if your whole website requires SSL the > Apache configuration would be the recommended way to do this.
If you want the whole site to use HTTPS then mod_rewrite is the best method. To selectively protect pages, such as a login form or administrative screens, using a redirect within PHP is the best method. A standard post-router plugin that enforces HTTPS for selected paths would be nice. If the target path is designated to be HTTPS only and HTTPS is not in effect, the client is redirected to the same URL with the https:// protocol. If the target path is not designated to be HTTPS only and HTTPS is in effect, the client is redirected to the same URL with the http:// protocol. In all other cases, the plugin would do nothing. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/
