[ic] Detecting a secure page
JT Justman
jt-lists at sirius.airdelights.com
Mon Jun 12 13:21:46 EDT 2006
Kevin Walsh wrote:
>> Here's some version info:
>>
>> apache-2.0.55-r1
>> mod_perl-2.0.2
>> interchange-5.2.0
>> Interchange::Link-1.9
>>
> It would be interesting to see what environment variables you do get
> from [env] and which of the above packages causes the HTTPS variable
> to not get set in the environment for secure pages. A package and
> version comparison with others who have the same problem will help
> here.
>
Well, I'm running:
apache-2.0.52
mod_perl-2.0.2
interchange-5.5.0-200605220658
I use mod_rewrite to fix urls and prevent access to sensitive pages via
http. Ie, a different set of rewrites for the SSL VirtualHost.
[env SERVER_PORT] - works correctly
[if session shost] - works correctly
$CGI::secure appears to be undefined.
Looking at the apache2 mod_ssl docs, the environment variable has been
changed from 'SSL' to 'HTTPS'. There are others, but it seems that HTTPS
is the one to test.
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
mod_ssl offers compatibility environment variables, but it doesn't seem
that 'SSL' is one of them:
http://httpd.apache.org/docs/2.0/ssl/ssl_compat.html#variables
JT
--
|Waiting to fix the world since 1995|
"Progress isn't made by early risers. It's made by lazy men trying to
find easier ways to do something."
- Robert Heinlein
More information about the interchange-users
mailing list