I need to force my web application to only work over HTTPS, now ordinarily I would check for the existence of the $_SERVER['HTTPS'] value however due to the fact that I use AWS Certificate Manager for issuing and managing my SSL certificate and the application is behind an AWS Load Balancer which terminates the SSL at the LB and sends it on internally using normal HTTP the server is not populating that value.
What I am looking for is a way to detect if the connection is being made over HTTP or HTTPS taking into account the fact that the SSL certificate is on the load balancer and terminates there.
You may check the X-Forwarded-Proto header.
https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
a de facto standard for identifying the originating protocol of an HTTP request, since a reverse proxy (or a load balancer) may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. An alternative form of the header (X-ProxyUser-Ip) is used by Google clients talking to Google servers.
X-Forwarded-Proto: https
With PHP you can check this with:
apache_response_headers();
http://php.net/manual/de/function.apache-response-headers.php