How can I prevent access to PHP files if the caller isn't using HTTPS?

Question

I have written several PHP web services where I pass in arguments via the URL. To prevent unauthorized access, I pass in a unique key as one of the arguments. I call the PHP

Answer 1

If you are using Apache, you could use mod_rewrite to redirect http requests to be https ones.

For e.g. This is what we use:

RewriteCond %{HTTPS} !=on
RewriteRule ^account(.*) https://%{SERVER_NAME}/account$1   [R=301,L]

This redirects http://domain/account to https://domain/account