0: I'm writing a PerlAccessHandler for Apache in mod_perl 
1: that need to verify if you are coming in on HTTPS or 
2: HTTP.  Because the PerlAccessHandler is declared in the 
3: main site configuration, it is inherited by the SSL 
4: virutal host running at the same FQDN.
5: 
6: I've found that the $ENV{HTTPS} mechanism is flaky.  Even 
7: $r->subprocess_env('HTTPS') is sorta flaky.  Sometimes 
8: $ENV{HTTPS} is showing up on requests from HTTP and 
9: sometimes from HTTPS.
10: 
11: My solution is in the VirtualHost config for the SSL server to add:
12: 
13: <code>
14: <Location />
15:         AuthName "Intranet"
16:         AuthType Basic
17:         require valid-user 
18:         PerlSetVar HTTPS "ON"
19:         SSLOptions +StdEnvVars
20: </Location>
21: </code>
22: 
23: In my PerlAccessHandler, I check:
24: 
25: <code>
26:         if ($r->dir_config('HTTPS') eq "ON") {
27:                 return DECLINED;
28:         } else {
29:                 return OK;
30:         }
31: </code>
32: 
33: Mechanism now works flawlessly.  If you're http at this 
34: point in the logic, we know you're ok and can bypass the 
35: PerlAuthenHandler and PerlAuthzHandler.
36: 
37: Of course before that I perform this check:
38: 
39: <code>
40:         if (($d->{nav_url_secure_flag} == 1) && ($r->dir_config('HTTPS') ne "ON")) {
41:                 $r->header_out( Location => "https://portal/$url" );
42:                 return REDIRECT;
43:         }
44: </code>
45: 
46: Just to make sure that the content needs to be secure and 
47: is coming over HTTPS, if not then redirect.