How to implement SSL in Zend MVC

The cleanest way is to have an .ini file for SSL configuration, where you can enable SSL support for model / controller / action levels, for example:

Let's say you have a module / controller / action like this:
SSLModule-> IndexController-> testAction

## ini file (can be config.ini also) ssl.modules.SSLModule.require_ssl = true //-> entire module requires SSL ssl.modules.SSLModule.Index.require_ssl = true //-> entire controller requires SSL ssl.modules.SSLModule.Index.test.require_ssl = true //-> single action requires SSL 

You analyze this either through configuration or individually, and in your Bootstrap file you can enable the controller, as here.

There are many other ways to do this, but I think you get the idea!

 class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract { public function preDispatch ( Zend_Controller_Request_Abstract $request ) { $shouldSecureUrl = false; //get the config settings for SSL $options = Application_ServiceManager::getConfig()->ssl; //if config is empty, exit if (!is_object($options)) return; //simpler to use $options = $options->toArray(); //only use it production environment if ( APPLICATION_ENV == 'production' ) { if ( ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] ) || ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] ) || ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] ) ) { $shouldSecureUrl = true; } if ( $shouldSecureUrl ) { $this->_secureUrl($request); } } } protected function _secureUrl ( Zend_Controller_Request_Abstract $request ) { $server = $request->getServer(); $hostname = $server['HTTP_HOST']; if ( ! $request->isSecure() ) { $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname . $request->getPathInfo(); $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector'); $redirector->setGoToUrl($url); $redirector->redirectAndExit(); } } }
class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract { public function preDispatch ( Zend_Controller_Request_Abstract $request ) { $shouldSecureUrl = false; //get the config settings for SSL $options = Application_ServiceManager::getConfig()->ssl; //if config is empty, exit if (!is_object($options)) return; //simpler to use $options = $options->toArray(); //only use it production environment if ( APPLICATION_ENV == 'production' ) { if ( ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] ) || ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] ) || ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] ) ) { $shouldSecureUrl = true; } if ( $shouldSecureUrl ) { $this->_secureUrl($request); } } } protected function _secureUrl ( Zend_Controller_Request_Abstract $request ) { $server = $request->getServer(); $hostname = $server['HTTP_HOST']; if ( ! $request->isSecure() ) { $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname . $request->getPathInfo(); $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector'); $redirector->setGoToUrl($url); $redirector->redirectAndExit(); } } } 

I forgot to mention: add it to my bootstrap:

 $Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );
$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );