On Thu, 3 Aug 2000, Stas Bekman wrote:
> > use Apache::URI ();
> > $r->parsed_uri->scheme;
> >
> > returns http or https
>
> Not really, you can spoof both:
Does the user have to spoof it deliberately in order for the wrong one to
be detected?
If spoofing requires the user to do it on purpose, then in this case the
$r->parsed_uri->scheme should be sufficient. The other method (putting
HTTPS on a different port and using mod_rewrite to make it transparent) is
better of course, but in case you can't do it for some reason, I think
this will work too.
They don't gain anything by spoofing http/https deliberately; it just
makes their connection not secure.
-Philip Mak ([EMAIL PROTECTED])
