This can get more complicated depending on where PHP sits in your environment, since your question is quite broad. This may depend on whether there's a load-balancer and how it's configured. Here are are a few related questions:
- How can I prevent access to PHP files if the caller isn't using HTTPS?
- Detecting HTTPS vs HTTP on server sending back nothing useful
