On 11/24/2012 10:58 AM, André Warnier wrote:
Hi.
Inside a mod_perl2 request handler, how can I find out if the current
request was received via HTTP or HTTPS ?
Have you looked into:
$r->scheme; # Will return 'http' or 'https'
Maybe you want to set environment variables:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
Could dig into the server config, looking for 'SSLEngine' eq 'on':
my $tree = Apache2::Directive::conftree(); # Not sure how to distill a
tree for the 'current request'
my @nodes = $tree->lookup('SSLEngine');
Note that if you're sitting behind a reverse-proxy, it will be the one
negotiating SSL with the client.
Note that one can form urls such as "//www.example.com" and the browser
will use the protocol which served the page.
I mean :
The client (browser e.g.) gets a URL "http://host.x.y/path1/path2..";, and
- translates host.x.y to an IP
- makes a connection to that IP (and port)
- sends a request like :
GET /path1/path2.. HTTP/1.1
Host: host.x.y
...
OR
The client (browser e.g.) gets a URL "https://host.x.y/path1/path2..";,
and
- translates host.x.y to an IP
- makes an *SSL* connection to that IP (and port)
- sends a request like :
GET /path1/path2.. HTTP/1.1
Host: host.x.y
...
and
Inside a handler, I can get
$r->hostname ==> host.x.y
$r->uri and $r->unparsed_uri ==> /path1/path2..
and I can also get the port on which the request was received
(presumably), via
$r->get_server_port
but that is not really a guarantee, any port could be set for either
HTTP or HTTPS.
and then I see
$r->proto and $r->proto_num
but these are relative to the protocol string as it appears in the
first request line, not to the type of connection that was used for
the request.
And in the request, I guess it would always be HTTP/1.1, or ?
(I don't have a HTTPS host right now to check this)
And I haven't really found anything yet in Apache2:RequestRec,
Apache2::Connection or Apache2::ServerRec which would provide that
information.
Is there somewhere a "is_secure()" or something which provides that ?
Or can I rely on the presence/absence of some request header ?
Help..
The point is, I'd like to write the handler once, and use it inside a
HTTP or a HTTPS host indifferently. And if possible, I'd also like to
avoid having to tell the handler where he lives via some PerlSetVar
just for that.
But maybe that's the easiest solution ?
