0

I want visitors to my site who visit http://www.domain.com/user/xyz.php to be redirected to https://www.domain.com/user/xyz.php.

ie. if they are anywhere inside /user/ they're in the secure location. so must be redirected to https

My question is not specifically how to achieve this but which method is better?

My gut feeling says I should use a .htaccess Rewrite rule but I also considered something like:

 <?php if (!$_SERVER['HTTPS'] && strstr('user', $_SERVER['REQUEST_URI'])){ header('location:https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); }

I'd like to hear opinions on efficiency and security as well as other considerations.

Improve this question
5
  • What does "better" mean? Commented Jun 13, 2014 at 23:03
  • @Jon mainly would one method be more efficient over the other but if there are any other considerations it would be good to get opinions on them Commented Jun 13, 2014 at 23:05
  • 1
    .htaccess will be more efficient since it is internally redirecting the user and responding with the redirected request. Doing it the php method means php needs to be run and respond with that header and browser has to make another request. And php could maybe fail. But then so could your server. IOW there's more moving parts doing it the php way. Having said that.. doing it the php way gives you more control over injecting new requirements Commented Jun 13, 2014 at 23:05
  • @CrayonViolent ok, I hadn't really thought about it in respect of the fact the request need not go as far as php if handled by apache. seems obvious when you put it that way Commented Jun 13, 2014 at 23:09
  • 1
    @CrayonViolent htaccess is not necessarily redirecting internally. That's the case if you do a rewrite, but you can do something similar in PHP as well, by just executing the code you would execute for the new url. But in this case, the redirecting to https has a particular use and a rewrite won't cover that. Commented Jun 13, 2014 at 23:09

1 Answer 1

Reset to default
6

htaccess is probably more efficient, especially in the area of memory usage. The server doesn't need to load PHP, and PHP doesn't need to parse and execute a script. Apache needs to read and apply the configuration in htaccess as well, though, but that won't consume as much memory as PHP.

As for PHP, the speed of execution is also determined by the way PHP is loaded, and if, for instance, APC cache is used or not.

So, while in general I think htaccess should be more efficient, I would do a benchmark if you really want to be sure for your configuration.

But in general: don't worry too much about it. Choose what seems best. This shouldn't be a bottle neck compared to actual script execution with real functionality.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.