Force Secure Pages (SSL / HTTPS) with Zend Framework
February 18, 2012

Securing Zend Framework

If you have a PHP web application built using the Zend Framework, securing all its pages becomes very easy. You just go ahead and add the following tiny function to your Bootstrap file:


<?php

protected function _initForceSSL() {
    if($_SERVER['SERVER_PORT'] != '443') {
        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
        exit();
    }
}

What this does is that it captures any non-secure request (Over plain HTTP) and redirects it to HTTPS (HTTP Secure). As an added bonus, Zend Framework will now automatically include HTTPS in all the links that your application outputs (That is, if you're using the ZF utility functions to create your links).

Of course, you’ll need to have an SSL certificate properly configured and installed for your domain name. This is another topic for another post and you’ll find plenty of resources on this one on the net. As always, I recommend using DreamHost, they make the whole process of SSL-related tasks a few clicks away and I couldn’t be happier with their service.


Security Zend Framework Development

Share this post


Written by
Mario Awad

Founder of SOFTKUBE, lead developer, and getting things done addict. Passionate about open source, user interface design, business development, and the tech world.

More about Mario Awad


About
SOFTKUBE

A small team of experts developing simple, usable, and high-quality web solutions. We blog about business, entrepreneurship, web development, and technology.

More about us


Recent Posts

Transform your Custom PHP Script into a Globally Available CLI Command

Shared Office Space for Rent in Dekwaneh, Beirut, Lebanon as a Professional Work Environment

Using Google for Live Unit Conversions

Declaring a Constant Array in PHP

View all posts


All Posts Categories

Business CLI Development Downloads Drupal Email Google Apps Multilingualism Open Source PHP Security SEO Technology Windows Zend Framework