Somacon.com: Articles on websites & etc.

§ Home > Index > Web Development

Force Redirect to SSL with PHP

The public domain code snippet below shows you how to forcibly redirect a web page to SSL using PHP, if you require the page to be SSL encrypted.

The code below works best on Apache web server. On IIS, you may need to use different variables from $_SERVER. Although the 301 header is optional, you may want to use it for search engine friendliness, as described in Permanent Redirect with HTTP 301

// If page requires SSL, and we're not in SSL mode, 
// redirect to the SSL version of the page
if($requireSSL && $_SERVER['SERVER_PORT'] != 443) {
   header("HTTP/1.1 301 Moved Permanently");
   header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
   exit();
}

Variation on the above.

if($_SERVER["HTTPS"] != "on") {
   header("HTTP/1.1 301 Moved Permanently");
   header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
   exit();
}

Created 2008-02-15, Last Modified 2012-02-17, © Shailesh N. Humbad
Disclaimer: This content is provided as-is. The information may be incorrect.