Force Secure Pages (SSL / HTTPS) with Zend Framework
If you have a PHP web application built using the Zend Framework, securing all its pages becomes very easy. You just go ahead and add the following tiny function to your Bootstrap file:
protected function _initForceSSL() {
if($_SERVER['SERVER_PORT'] != '443') {
header('Location: https://' . $_SERVER['HTTP_HOST'] .
$_SERVER['REQUEST_URI']);
exit();
}
What this does is that it captures any non-secure request (Over plain HTTP) and redirects it to HTTPS (HTTP Secure). As an added bonus, Zend Framework will now automatically include HTTPS in all the links that your application outputs (That is, if you’re using the ZF utility functions to create your links).
Of course, you’ll need to have an SSL certificate properly configured and installed for your domain name. This is another topic for another post and you’ll find plenty of resources on this one on the net. As always, I recommend using DreamHost, they make the whole process of SSL-related tasks a few clicks away and I couldn’t be happier with their service.