Since http and https are handled by different virtual-hosts on apache (due to the fact, that they listen to different ports (normaly 80 for http and 443 for https)), you have to issue a redirect to the client to accomplish this. Of course the client must be able to understand http/1.x 30x status responses and the Location header.

A common solution is to let apache do the redirecting via mod_rewrite for certain urls.

# the ssl host
<VirtualHost aaa.bbb.ccc.ddd:443>
    [...]# ServerName etc.

    RewriteEngine on
    RewriteRule ^/cgi-bin/prog.pl(\?.*)$ http://my.server/cgi-bin/prog
+.pl$1
</VirtualHost>
[download]

If you want to do the redirecting from the cgi and are using CGI.pm, read up on CGI::redirect()

Edit:fixed the redirect-target protocol.

regards,
tomte

Hlade's Law:

If you have a difficult task, give it to a lazy person --
they will find an easier way to do it.

THe question is, can I control the protocol from the CGI, for example if the explorer sends request in HTTPS, can I somehow return my answer in HTTP?

You can't. The "protocol" is an agreement between the client and the server about how they will communicate. If the browser makes an HTTPS request, you can bet it's expecting an HTTPS response. An HTTP response won't be a valid HTTPS response.

Tomte's suggestion to use a redirect might help you but it doesn't really answer the question. The redirect response will be HTTPS, not HTTP. The redirect itself is a suggestion to the browser to make another request to a non-secured server.

I don't think it would be advisable to downgrade a response to a secure request anyway. What are you really trying to solve?

-sauoq
"My two cents aren't worth a dime.";