Version 0.04


    use CGI::Application::Plugin::RequireSSL;

    sub login_form :RequireSSL {
        my $self = shift;
        # etc


CGI::Application::Plugin::RequireSSL allows individual run modes or whole modules to be protected by \s-1SSL\s0. If a standard \s-1HTTP\s0 request is received, you can specify whether an error is raised or if the request should be redirected to the \s-1HTTPS\s0 equivalent \s-1URL\s0.


Exported methods:

    config_requiressl, mode_redirect


run mode-level protection

run mode protection is specified by the RequireSSL attribute after the method name:

sub process_login :RequireSSL { my $self = shift; }

Module-level protection

You can protect a complete module by setting the 'require_ssl' parameter in your instance script:

use MyApp; my $webapp = MyApp->new( PARAMS => {require_ssl => 1} ); $webapp->run();

Redirecting to a protected \s-1URL\s0.

By default, an error is raised if a request is made to a protected run mode or module using \s-1HTTP\s0. However, you can specify that the request is redirected to the \s-1HTTPS\s0 url by setting the rewrite_to_ssl parameter as long as the requested method is not \s-1POST:\s0

my $webapp = MyApp->new( PARAMS => {rewrite_to_ssl => 1} );

Turning off checks.

If you need to turn off checks, simply set the ignore_check parameter when configuring the plugin (see \*(L"config_requiressl\*(R" below).

Reverting to \s-1HTTP\s0

Once a successful request is made to a protected run mode or module, subsequent requests to a non-protected run mode or module will revert to using \s-1HTTP\s0. To prevent this from happening, set the parameter keep_in_ssl in the configuration (see \*(L"config_requiressl\*(R" below)



Optionally configure the plugin in your cgiapp_init method

$self->config_requiressl( keep_in_ssl => 0, ignore_check => 0, )

Valid parameters are:

  • keep_in_ssl - if set, all subsequent requests following one to a protected run mode or module will be via \s-1HTTPS\s0.

  • ignore_check - ignore \s-1SSL\s0 schecking. This is useful if your application is deployed in an environment that doesn't support \s-1SSL\s0.


This is a run mode that will be automatically called if the request should be redirected to the equivalent \s-1HTTP\s0 or \s-1HTTPS\s0 \s-1URL\s0. You should not call it directly.


Dan Horne, \*(C`<dhorne at>\*(C'


Please report any bugs or feature requests to \*(C`bug-cgi-application-plugin-requiressl at\*(C', or through the web interface at <>. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.


This module been tested under the FastCGI persistent environment, but not under mod_perl. The author would apprecaute feedback from anyone who is able to test with that environment.


You can find documentation for this module with the perldoc command.

perldoc CGI::Application::Plugin::RequireSSL

You can also look for information at:

  • AnnoCPAN: Annotated \s-1CPAN\s0 documentation <>

  • \s-1CPAN\s0 Ratings <>

  • \s-1RT:\s0 \s-1CPAN\s0's request tracker <>

  • Search \s-1CPAN\s0 <>


  • Users of the CGI::Application wiki ( who requested this module.

  • Andy Grundman - I stole the idea of the keep_in_ssl parameter from his Catalyst::Plugin::RequireSSL module


Copyright 2007 Dan Horne, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.