在 $_SERVER PHP ,Codigniter,Load Balancer 后面的服务器中没有获得 https = on
Not getting https = on in $_SERVER PHP ,Codigniter, Server behind Load Balancer
我通过以下方式访问域:https://domainname.com,这是它的 $_SERVER 响应
Array
(
[UNIQUE_ID] => VcmHo6LRO1IAAB-fDU0AAAAK
[SCRIPT_URL] => /
[SCRIPT_URI] => http://DOMAIN/
[HTTP_USER_AGENT] => Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36
[HTTP_X_FORWARDED_FOR] => 27.106.8.158
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[HTTP_SSLCLIENTCERTSTATUS] => NoClientCert
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_SSLCLIENTCIPHER] => SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, version=TLSv1.2, bits=256
[HTTP_HOST] => DOMAIN NAME
[HTTP_SSLSESSIONID] => 93C33C49696542DC405250B49D36C222CBC06F747494EB56BB5C756A59DF8419
[HTTP_X_CLUSTER_CLIENT_IP] => 27.106.8.158
[HTTP_COOKIE] => fbm_153033148171841=base_domain=.DOMAIN; PHPSESSID=6gpp73p5k5ce4lg5lqut4ql3i5; PHPSESSID=v0vr962t7vtdtggo5tush5ndc1; X-Mapping-fjhppofk=843133EAD64CFF0FA30A00FC3D699430; fbsr_153033148171841=2MX-iaC6soGRrwIGXsPmsjGTdvLJ9UymLxPJS91gGyQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUNPenN5blVpbVZURVlBTHBiVERIaDl5REMtVC1sSEVCMUJLTWFxUno5bk0tT2M4eTFla256RktNYXdNSWZuWVExUWV1c09XUDNwU0M3dDJxZEdKWnhSZE9pLTRLRVdadTVkdW9OaVRiX2xEWmZ4Y0VuSHJBeFppOTVzbFhOQjlyajJUTWNTREdrNWhNX0VMUzBiXzJxbWtZSTNVX0lWVlllMjlTczh6LTA5azNPWFJVcko2elZOYkk2cGlLTk9nSGswcTVFd3BfVzlpcGJhYVJFd2dZVHo5U0pkSE9hTWFhSjJQY3dqV09SdWFHUVM1bXBDdFRDaDV2eVRXUTd6NEdDSlJFMHNQYXFOQmhSamhCbkNUdGFlMTJOVWIxR0ItcExhUWFZUzg1bW00VDlaMkFQX292Q1Q5QzlBMVVabWFDR3Frcm1YWWh5WE9kQ1lNYndINVB3MiIsImlzc3VlZF9hdCI6MTQzOTI2OTU5NywidXNlcl9pZCI6IjczMDA3MjI1NCJ9; _gat=1; _ga=GA1.2.1057126601.1438592752
[HTTP_CONNECTION] => keep-alive
[HTTP_X_FORWARDED_PORT] => 443
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] => <address>Apache Server at eventseeker.com Port 80</address>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => Domain Name
[SERVER_ADDR] => Load balanacer IP
[SERVER_PORT] => 80
[REMOTE_ADDR] => Server IP
[DOCUMENT_ROOT] => /var/www/html/foldername/
[SERVER_ADMIN] => xyz@abc.com
[SCRIPT_FILENAME] => /var/www/html/foldername/index.php
[REMOTE_PORT] => 10052
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1439270819.984
[REQUEST_TIME] => 1439270819
)
THE 数组没有 $_SERVER['https'] = on ,因此对我来说很难识别域上的有效 HTTPS 命中。
服务器似乎获得了 https 命中,然后将其重定向到 http,因为我们有 [HTTP_X_FORWARDED_PROTO] => https、[HTTP_X_FORWARDED_PORT] => 443 和 [SERVER_PORT] => 80
该域位于负载平衡器之后,它使用 SSL 卸载。可能是什么问题?
如果用户未登录,我需要我的网站在 http 上运行,并且当用户登录网站时应移到 https 之后,直到用户注销它,用户将只能浏览网站https。
谁能帮忙。谢谢你。
在您的设置中,SSL 在负载平衡器上终止。它通过纯 HTTP 将所有连接转发到您的站点,没有加密。但是它添加了 headers 例如 HTTP_X_FORWARDED_PROTO = https,它告诉你用户使用的协议到负载平衡器。
如果您想以不可知的方式检查 HTTPS,这样您的应用程序就不需要知道它是否在负载均衡器之后,请尝试检查两个 HTTPS || HTTP_X_FORWARDED_PROTO 字段。
我通过以下方式访问域:https://domainname.com,这是它的 $_SERVER 响应
Array
(
[UNIQUE_ID] => VcmHo6LRO1IAAB-fDU0AAAAK
[SCRIPT_URL] => /
[SCRIPT_URI] => http://DOMAIN/
[HTTP_USER_AGENT] => Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36
[HTTP_X_FORWARDED_FOR] => 27.106.8.158
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[HTTP_SSLCLIENTCERTSTATUS] => NoClientCert
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_SSLCLIENTCIPHER] => SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, version=TLSv1.2, bits=256
[HTTP_HOST] => DOMAIN NAME
[HTTP_SSLSESSIONID] => 93C33C49696542DC405250B49D36C222CBC06F747494EB56BB5C756A59DF8419
[HTTP_X_CLUSTER_CLIENT_IP] => 27.106.8.158
[HTTP_COOKIE] => fbm_153033148171841=base_domain=.DOMAIN; PHPSESSID=6gpp73p5k5ce4lg5lqut4ql3i5; PHPSESSID=v0vr962t7vtdtggo5tush5ndc1; X-Mapping-fjhppofk=843133EAD64CFF0FA30A00FC3D699430; fbsr_153033148171841=2MX-iaC6soGRrwIGXsPmsjGTdvLJ9UymLxPJS91gGyQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUNPenN5blVpbVZURVlBTHBiVERIaDl5REMtVC1sSEVCMUJLTWFxUno5bk0tT2M4eTFla256RktNYXdNSWZuWVExUWV1c09XUDNwU0M3dDJxZEdKWnhSZE9pLTRLRVdadTVkdW9OaVRiX2xEWmZ4Y0VuSHJBeFppOTVzbFhOQjlyajJUTWNTREdrNWhNX0VMUzBiXzJxbWtZSTNVX0lWVlllMjlTczh6LTA5azNPWFJVcko2elZOYkk2cGlLTk9nSGswcTVFd3BfVzlpcGJhYVJFd2dZVHo5U0pkSE9hTWFhSjJQY3dqV09SdWFHUVM1bXBDdFRDaDV2eVRXUTd6NEdDSlJFMHNQYXFOQmhSamhCbkNUdGFlMTJOVWIxR0ItcExhUWFZUzg1bW00VDlaMkFQX292Q1Q5QzlBMVVabWFDR3Frcm1YWWh5WE9kQ1lNYndINVB3MiIsImlzc3VlZF9hdCI6MTQzOTI2OTU5NywidXNlcl9pZCI6IjczMDA3MjI1NCJ9; _gat=1; _ga=GA1.2.1057126601.1438592752
[HTTP_CONNECTION] => keep-alive
[HTTP_X_FORWARDED_PORT] => 443
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] => <address>Apache Server at eventseeker.com Port 80</address>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => Domain Name
[SERVER_ADDR] => Load balanacer IP
[SERVER_PORT] => 80
[REMOTE_ADDR] => Server IP
[DOCUMENT_ROOT] => /var/www/html/foldername/
[SERVER_ADMIN] => xyz@abc.com
[SCRIPT_FILENAME] => /var/www/html/foldername/index.php
[REMOTE_PORT] => 10052
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1439270819.984
[REQUEST_TIME] => 1439270819
)
THE 数组没有 $_SERVER['https'] = on ,因此对我来说很难识别域上的有效 HTTPS 命中。
服务器似乎获得了 https 命中,然后将其重定向到 http,因为我们有 [HTTP_X_FORWARDED_PROTO] => https、[HTTP_X_FORWARDED_PORT] => 443 和 [SERVER_PORT] => 80
该域位于负载平衡器之后,它使用 SSL 卸载。可能是什么问题?
如果用户未登录,我需要我的网站在 http 上运行,并且当用户登录网站时应移到 https 之后,直到用户注销它,用户将只能浏览网站https。
谁能帮忙。谢谢你。
在您的设置中,SSL 在负载平衡器上终止。它通过纯 HTTP 将所有连接转发到您的站点,没有加密。但是它添加了 headers 例如 HTTP_X_FORWARDED_PROTO = https,它告诉你用户使用的协议到负载平衡器。
如果您想以不可知的方式检查 HTTPS,这样您的应用程序就不需要知道它是否在负载均衡器之后,请尝试检查两个 HTTPS || HTTP_X_FORWARDED_PROTO 字段。