On PHPBuilder.com today there's a new tutorial showing how to use libcurl to communicate with multiple protocols like FTP, HTTP, HTTPS, SMTP and STMPS. The libcurl library that can be compiled in or installed as a shared module in your PHP install to provide enhanced networking abilities.

As I wrote in my PHP multithreading with cURL article, the libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP. PHP supports the libcurl library which allows you to connect and communicate to many different types of servers with many different types of protocols.

The tutorial focuses on two different types of connections (well, four really) - FTP/FTPS and HTTP/HTTPS - and how to transfer data across each. Some code is included to create a (procedural) tool to send an uploaded file to a remote site.

Matthew Weier O'Phinney has a new post to his blog today about making your Zend Server instance a bit more secure by taking the admin GUI and forcing it to be HTTPS-only (instead of the default HTTP & HTTPS).

In light of the recent remote PHP exploit, I decided to update a couple servers I manage to ensure they weren't vulnerable. In each case, I had been using hand-compiled PHP builds, but decided that I'm simply too busy lately to be trying to maintain updates -- so I decided to install Zend Server. [...] One thing I've never been happy about, however, is that by default Zend Server exposes its administration GUI via both HTTP and HTTPS. Considering that the password gives you access to a lot of sensitive configuration, I want it to be encrypted.

He points out that, since the Zend Server interface runs on a lighttpd instance, it's easy to modify a few config files to change the setting. Adding a few lines to limit the socket it can connect on, the IP address to filter to and a URL filter on anything starting with "/ZendServer/" takes away the HTTP access.

New from the PHP Web Services blog today there's a post showing you how to set up Apache 2.2 for HTTPS connections to consume other web services.

The tutorial gives you a step-by-step process to follow with commands and configuration changes every step of the way:

• Create a certificate
• Generate a key
• Sign the key with the certificate
• Copy the keys to the right directory
• Make configuration changes for the SSL connections
• Connect to the remote HTTPS web service

If you're using PHP, you can also use the OpenSSL and SOAP clients with the SSL libraries to make requests to secure remote resources.

On the DotVoid.com blog Danne shares a quick tip on forcing downloads over HTTPS to Internet Explorer (which, of course, has to be difficult about it).

The problem is that Internet Explorer does not handle file dowloads without caching over https very well. Or at all. According to knowledge articles on Microsofts website the problem occurs when having one or two of the http headers. [...] Previously I have have just omitted the http header "Pragma: nocache" for IE but it seems it does not always help.

So the fix is relatively simple - rely on the $_SERVER['HTTP_USER_AGENT'] value to tell if it's an IR browser or not. If it is, "Pragma: cache" works. If not, stick with "Pragma: no-cache".

On DevShed today there's a new tutorial that walks you through tips on two things that can help you keep your https site running smoothly and keep in favor with the major search engines - duplicate content and correct 301 redirects.

When trying to maintain a secure protocol on an Apache-based website, you can expect to deal with certain issues, especially if you're also trying to rank well in the search engines. [...] This article provides tips and solutions to help any web developer effectively manage the two most difficult problems in maintaining the secure protocol side of any website. These are the: Duplicate content and 301 redirection from the non-https to http version.

They recommend two things to handle the duplicate content issues: placing a meta tag on the https pages to keep them from being indexed (keeping the search engines from seeing the http and htttps as two different resources, thus two different sites to index) and using a canonical value in a link tag.

As far as the 301 redirects go, they include some PHP code that, if placed at the top of your pages, can detect if the protocol is https or not. If its not, it uses header to perform the 301 redirect.