Manne Anliot wrote:
> So in short: How can a module check if the current request is a secure one?
> (without workarounds à la specifying secure ports in configuration files
> etc)
Why is this a "workaround"? This is exactly how SSL is supposed to work.
If you set up a separate VirtualHost on port 443, with a distinct
DocumentRoot (not shared by plain HTTP) and use a SSLRequireSSL
directive you can be guaranteed that any incoming requests are secure.
You sound like you want to serve the same directory on 80 and 443 and
detect when a user is SSL to connect. If so, why not just check the URI
- it has to begin "https".
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
