Why isn't _SERVER["HTTPS"] set to 1?

php apache webserver

21,575

Solution 1

It turns out that because of the Load Balancer, which handles the SSL encryption/decryption the Web Server doesn't get $_SERVER["HTTPS"], but $_SERVER["HTTP_USESSL"] is set and can be used as a flash for SSL traffic.

Solution 2

Behind a proxy / load balancer

$_SERVER['SERVER_PORT'] was always 80

$_SERVER["HTTPS"] and $_SERVER["HTTP_USESSL"] were NULL

I used $_SERVER['HTTP_X_FORWARDED_PROTO'] that return http or https

Solution 3

Adding to Arnaud Hallais' post, the only way I managed to get the correct protocol on my localhost (apache/mac), testing server (apache/linux) and production site (iis/win) was with:

define("PROTOCOL", isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ? $_SERVER['HTTP_X_FORWARDED_PROTO'] : ((isset( $_SERVER["HTTPS"] ) && strtolower( $_SERVER["HTTPS"] ) == "on" ) ? 'https' : 'http'));

21,575

Author by

SomethingOn

Web/Mobile Developer. Experienced with electronics, embedded systems, database design and development.

Updated on October 31, 2020

Comments

SomethingOn over 3 years

My site has an SSL cert and I'm hitting https://mysite.com/info.php, but under the PHP Variables section _SERVER["HTTPS"] is not being reported. I believe this is causing a problem with a Drupal site where some URLs are being written to the page as https://... where others are being written as http://...

What determines if _SERVER["HTTPS"] is set?

EDIT: This may be the answer to my problem Detecting HTTPS vs HTTP on server sending back nothing useful. Could be a load balancer issue