当前位置：文江博客话题详情

如何强制用户通过 HTTPS 而不是 HTTP 访问我的页面？

发布于 2024-07-04 09:17:17 字数 613 浏览 9 评论 0 原文

我只有一个页面，我想强制将其作为 HTTPS 页面（Apache 上的 PHP）进行访问。如何在不使整个目录都需要 HTTPS 的情况下执行此操作？或者，如果您从 HTTP 页面向 HTTPS 页面提交表单，它是否通过 HTTPS 而不是 HTTP 发送？

这是我的例子：

http://www.example.com/some-page.php

我希望它只能通过以下方式访问：

https://www.example.com/some-page.php

当然，我可以将所有指向此页面的链接指向 HTTPS 版本，但这并不能阻止某些傻瓜故意通过 HTTP 访问它......

我想到的一件事是在 PHP 文件的标头中放置一个重定向，以检查以确保它们正在访问 HTTPS 版本：

if($_SERVER["SCRIPT_URI"] == "http://www.example.com/some-page.php"){
  header('Location: https://www.example.com/some-page.php');
}

但这不可能是正确的方式，不是吗？

原文

I've got just one page that I want to force to be accessed as an HTTPS page (PHP on Apache). How do I do this without making the whole directory require HTTPS? Or, if you submit a form to an HTTPS page from an HTTP page, does it send it by HTTPS instead of HTTP?

Here is my example:

http://www.example.com/some-page.php

I want it to only be accessed through:

https://www.example.com/some-page.php

Sure, I can put all of the links to this page pointed at the HTTPS version, but that doesn't stop some fool from accessing it through HTTP on purpose...

One thing I thought was putting a redirect in the header of the PHP file to check to be sure that they are accessing the HTTPS version:

if($_SERVER["SCRIPT_URI"] == "http://www.example.com/some-page.php"){
  header('Location: https://www.example.com/some-page.php');
}

But that can't be the right way, can it?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

暮倦 2024-07-11 09:17:17

<?php 
// Require https
if ($_SERVER['HTTPS'] != "on") {
    $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    exit;
}
?>

就这么简单。

<?php 
// Require https
if ($_SERVER['HTTPS'] != "on") {
    $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    exit;
}
?>

That easy.

回复收藏 0 原文

送君千里 2024-07-11 09:17:17

我已经使用了这个脚本，并且它在该网站上运行良好。

if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"){
    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    enter code hereheader('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $redirect);
    exit();
}

I have used this script and it works well through the site.

if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"){
    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    enter code hereheader('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $redirect);
    exit();
}

回复收藏 0 原文

征棹 2024-07-11 09:17:17

也许这个可以帮助你，这就是我为我的网站所做的，它就像一个魅力：

$protocol = $_SERVER["HTTP_CF_VISITOR"];

if (!strstr($protocol, 'https')){
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

maybe this one can help, you, that's how I did for my website, it works like a charm :

$protocol = $_SERVER["HTTP_CF_VISITOR"];

if (!strstr($protocol, 'https')){
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

回复收藏 0 原文

各自安好 2024-07-11 09:17:17

如果您想使用 PHP 来执行此操作，那么这种方法对我来说非常有效：

<?php

if(!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], true, 301);
    // Prevent the rest of the script from executing.
    exit;
}
?>

它检查 $_SERVER 超全局数组中的 HTTPS 变量，看看它是否等于“on”。如果变量不等于on。

If you want to use PHP to do this then this way worked really well for me:

<?php

if(!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], true, 301);
    // Prevent the rest of the script from executing.
    exit;
}
?>

It checks the HTTPS variable in the $_SERVER superglobal array to see if it equal to “on”. If the variable is not equal to on.

回复收藏 0 原文

烂人 2024-07-11 09:17:17

不要在同一页面上混合使用 HTTP 和 HTTPS。如果您有一个通过 HTTP 提供的表单页面，我会对提交数据感到紧张——如果不执行“查看源代码”并查找它，我就无法查看提交是通过 HTTPS 还是 HTTP。

通过 HTTPS 提供表单以及提交链接并不是什么重大的改变。

回复收藏 0 原文

披肩女神 2024-07-11 09:17:17

如果您使用 Apache 或 LiteSpeed 等支持 .htaccess 文件的工具，则可以执行以下操作。
如果您还没有 .htaccess 文件，则应在根目录（通常是 index.php 所在的位置）中创建一个新的 .htaccess 文件。现在将这些行添加为 .htaccess 中的第一个重写规则：

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

对于所有重写规则，您只需要在 .htaccess 中添加一次“RewriteEngine On”指令，因此如果您已经有了它，只需复制第二行和第三行即可。

我希望这有帮助。

If you use Apache or something like LiteSpeed, which supports .htaccess files, you can do the following.
If you don't already have a .htaccess file, you should create a new .htaccess file in your root directory (usually where your index.php is located). Now add these lines as the first rewrite rules in your .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

You only need the instruction "RewriteEngine On" once in your .htaccess for all rewrite rules, so if you already have it, just copy the second and third line.

I hope this helps.

回复收藏 0 原文

喜爱纠缠 2024-07-11 09:17:17

仅使用此功能还不够：

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

如果您有任何 http 内容（例如外部 http 图像源），浏览器将检测到可能的威胁。所以请确保代码中的所有 ref 和 src 都是 https

Using this is NOT enough:

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

If you have any http content (like an external http image source), the browser will detect a possible threat. So be sure all your ref and src inside your code are https

回复收藏 0 原文

入画浅相思 2024-07-11 09:17:17

使用 $_SERVER['HTTPS'] 判断是否是 SSL，如果没有则重定向到正确的位置。

请记住，显示表单的页面不需要通过 HTTPS 提供，最需要的是回发 URL。

编辑：是的，正如下面指出的，最好在 HTTPS 中完成整个过程。这更让人放心——我指出这篇文章是最关键的部分。另外，您需要注意所有 cookie 都设置为安全的，因此它们只会通过 SSL 发送。 mod_rewrite 解决方案也非常漂亮，我用它来保护我自己网站上的许多应用程序。

回复收藏 0 原文

安静 2024-07-11 09:17:17

我已经通过许多解决方案检查 $_SERVER[HTTPS] 的状态，但似乎它不可靠，因为有时它没有设置或设置为打开、关闭等，导致脚本内部循环重定向。

如果您的服务器支持 $_SERVER[SCRIPT_URI]，这是最可靠的解决方案

if (stripos(substr($_SERVER[SCRIPT_URI], 0, 5), "https") === false) {
    header("location:https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
    echo "<meta http-equiv='refresh' content='0; url=https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]'>";
    exit;
}

请注意，根据您的安装，您的服务器可能不支持 $_SERVER[SCRIPT_URI]，但如果支持，这是更好的脚本使用。

您可以在此处查看：为什么某些 PHP 安装有 $_SERVER['SCRIPT_URI'] 而其他没有

I have been through many solutions with checking the status of $_SERVER[HTTPS] but seems like it is not reliable because sometimes it does not set or set to on, off, etc. causing the script to internal loop redirect.

Here is the most reliable solution if your server supports $_SERVER[SCRIPT_URI]

if (stripos(substr($_SERVER[SCRIPT_URI], 0, 5), "https") === false) {
    header("location:https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
    echo "<meta http-equiv='refresh' content='0; url=https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]'>";
    exit;
}

Please note that depending on your installation, your server might not support $_SERVER[SCRIPT_URI] but if it does, this is the better script to use.

You can check here: Why do some PHP installations have $_SERVER['SCRIPT_URI'] and others not

回复收藏 0 原文

寄风 2024-07-11 09:17:17

if(location.protocol!=='https:'){location.replace(`https:${location.href.substring(location.protocol.length)}`);}

if(location.protocol!=='https:'){location.replace(`https:${location.href.substring(location.protocol.length)}`);}

回复收藏 0 原文

老子叫无熙 2024-07-11 09:17:17

出于安全原因，您不应该这样做。尤其是当cookies在这里发挥作用时。它让您很容易受到基于 cookie 的重放攻击。

无论哪种方式，您都应该使用 Apache 控制规则来调整它。

然后，您可以测试是否启用了 HTTPS，并根据需要进行重定向。

您应该仅使用 FORM POST（无获取）重定向到付款页面，
对没有 POST 的页面的访问应该被引导回其他页面。
（这会吸引那些刚刚热跳的人。）

http://joseph.randomnetworks.com/archives/2004/07/22/redirect-to-ssl-using-apaches-htaccess/

是一个很好的起点，很抱歉没有提供更多的。但您确实应该通过 SSL 推动一切。

虽然保护过度了，但至少少了一些后顾之忧。

回复收藏 0 原文

梦里南柯 2024-07-11 09:17:17

作为替代方案，您可以使用 X-Forwarded-Proto 标头强制重定向到 HTTPS。

在 .htaccess 文件中添加这些行

### Force HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

As an alternative, you can make use of X-Forwarded-Proto header to force a redirect to HTTPS.

add these lines in the .htaccess file

### Force HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

回复收藏 0 原文

白衬杉格子梦 2024-07-11 09:17:17

对于使用 IIS 的用户，在 web.config 中添加此行将有所帮助：

<httpProtocol>
    <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000"/>
    </customHeaders>
</httpProtocol>
<rewrite>
    <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
              <match url="(.*)" />
              <conditions>
                 <add input="{HTTPS}" pattern="off" ignoreCase="true" />
              </conditions>
              <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
         </rule>
    </rules>
</rewrite>

完整的示例文件

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Strict-Transport-Security" value="max-age=31536000"/>
             </customHeaders>
        </httpProtocol>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                      <match url="(.*)" />
                      <conditions>
                         <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                      </conditions>
                      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
                 </rule>
            </rules>
       </rewrite>
   </system.webServer>
</configuration>

For those using IIS adding this line in the web.config will help:

<httpProtocol>
    <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000"/>
    </customHeaders>
</httpProtocol>
<rewrite>
    <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
              <match url="(.*)" />
              <conditions>
                 <add input="{HTTPS}" pattern="off" ignoreCase="true" />
              </conditions>
              <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
         </rule>
    </rules>
</rewrite>

A full example file

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Strict-Transport-Security" value="max-age=31536000"/>
             </customHeaders>
        </httpProtocol>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                      <match url="(.*)" />
                      <conditions>
                         <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                      </conditions>
                      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
                 </rule>
            </rules>
       </rewrite>
   </system.webServer>
</configuration>

回复收藏 0 原文

七婞 2024-07-11 09:17:17

好吧..现在有很多东西，但没有人真正完成
“安全”问题。对我来说，使用不安全的东西是荒谬的。

除非你用它作为诱饵。

$_SERVER 传播可以根据知道如何操作的人的意愿进行更改。

另外，正如 Sazzad Tushar Khan 和 thebigjc 所说，您也可以使用 httaccess 来执行此操作，这里有很多包含它的答案。

只需添加：

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

到您的 .httaccess 内容的末尾

即可。
我们仍然没有使用这两个工具那样安全。

剩下的很简单。如果缺少属性，即...

if(empty($_SERVER["HTTPS"])){ // SOMETHING IS FISHY
}

if(strstr($_SERVER['HTTP_HOST'],"mywebsite.com") === FALSE){// Something is FISHY
}

另外，假设您已更新 httaccess 文件并检查：

if($_SERVER["HTTPS"] !== "on"){// Something is fishy
}

您可以检查更多变量，即...

HOST_URI （如果有静态属性需要检查）

HTTP_USER_AGENT （同一会话不同的值）

所以我想说的是，当答案在于组合。

有关更多 httaccess 重写信息，请参阅文档-> http://httpd.apache.org/docs/2.0/misc/rewriteguide。 html

这里有一些堆栈 -> 使用 .htaccess 和 mod_rewrite 强制使用 SSL/https
和
获取当前页面的完整 URL (PHP)
举几个例子。

Ok.. Now there is tons of stuff on this now but no one really completes the
"Secure" question. For me it is rediculous to use something that is insecure.

Unless you use it as bait.

$_SERVER propagation can be changed at the will of someone who knows how.

Also as Sazzad Tushar Khan and the thebigjc stated you can also use httaccess to do this and there are a lot of answers here containing it.

Just add:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

to the end of what you have in your .httaccess and thats that.

Still we are not as secure as we possibly can be with these 2 tools.

The rest is simple. If there are missing attributes ie...

if(empty($_SERVER["HTTPS"])){ // SOMETHING IS FISHY
}

if(strstr($_SERVER['HTTP_HOST'],"mywebsite.com") === FALSE){// Something is FISHY
}

Also say you have updated your httaccess file and you check:

if($_SERVER["HTTPS"] !== "on"){// Something is fishy
}

There are a lot more variables you can check ie..

HOST_URI (If there are static atributes about it to check)

HTTP_USER_AGENT (Same session different values)

So all Im saying is dont just settle for one or the other when the answer lies in a combination.

For more httaccess rewriting info see the docs-> http://httpd.apache.org/docs/2.0/misc/rewriteguide.html

Some Stacks here -> Force SSL/https using .htaccess and mod_rewrite
and
Getting the full URL of the current page (PHP)
to name a couple.

回复收藏 0 原文

扎心 2024-07-11 09:17:17

http://www.besthost ratings.com/articles/force-ssl-htaccess.html

有时您可能需要确保用户通过安全连接浏览您的网站。始终将用户重定向到安全连接 (https://) 的简单方法可以通过包含以下行的 .htaccess 文件来完成：

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

请注意，.htaccess 应位于网站主文件夹中。

如果您希望对特定文件夹强制使用 HTTPS，可以使用：

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} somefolder 
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

.htaccess 文件应放置在需要强制使用 HTTPS 的文件夹中。

http://www.besthostratings.com/articles/force-ssl-htaccess.html

Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} somefolder 
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

The .htaccess file should be placed in the folder where you need to force HTTPS.

回复收藏 0 原文

树深时见影 2024-07-11 09:17:17

我之前的做法基本上和你写的一样，但没有任何硬编码值：

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

The way I've done it before is basically like what you wrote, but doesn't have any hardcoded values:

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

回复收藏 0 原文

甜妞爱困 2024-07-11 09:17:17

您可以在 Apache 上使用指令和 mod_rewrite 来实现：

<Location /buyCrap.php>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Location>

随着时间的推移，您可以使用正则表达式

You could do it with a directive and mod_rewrite on Apache:

<Location /buyCrap.php>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Location>

You could make the Location smarter over time using regular expressions if you want.

回复收藏 0 原文

我乃一代侩神 2024-07-11 09:17:17

您应该强制客户端始终使用 HTTP 严格传输安全 (HSTS) 标头来请求 HTTPS：

// Use HTTP Strict Transport Security to force client to use secure connections only
$use_sts = true;

// iis sets HTTPS to 'off' for non-SSL requests
if ($use_sts && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
    header('Strict-Transport-Security: max-age=31536000');
} elseif ($use_sts) {
    header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
    // we are in cleartext at the moment, prevent further execution and output
    die();
}

请注意，大多数现代浏览器都支持 HSTS，但并不通用。因此，如果用户最终使用 HTTP，则无论支持与否，上述逻辑都会手动重定向用户，然后设置 HSTS 标头，以便在可能的情况下，浏览器应重定向进一步的客户端请求。

You should force the client to request HTTPS always with HTTP Strict Transport Security (HSTS) headers:

// Use HTTP Strict Transport Security to force client to use secure connections only
$use_sts = true;

// iis sets HTTPS to 'off' for non-SSL requests
if ($use_sts && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
    header('Strict-Transport-Security: max-age=31536000');
} elseif ($use_sts) {
    header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
    // we are in cleartext at the moment, prevent further execution and output
    die();
}

Please note that HSTS is supported in most modern browsers, but not universal. Thus the logic above manually redirects the user regardless of support if they end up on HTTP, and then sets the HSTS header so that further client requests should be redirected by the browser if possible.

回复收藏 0 原文

天赋异禀 2024-07-11 09:17:17

我刚刚创建了一个 .htaccess 文件并添加了：

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

简单！

I just created a .htaccess file and added :

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Simple !

回复收藏 0 原文

懒的傷心 2024-07-11 09:17:17

PHP 方式：

$is_https=false;
if (isset($_SERVER['HTTPS'])) $is_https=$_SERVER['HTTPS'];
if ($is_https !== "on")
{
    header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    exit(1);
}

Apache mod_rewrite 方式：

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The PHP way:

$is_https=false;
if (isset($_SERVER['HTTPS'])) $is_https=$_SERVER['HTTPS'];
if ($is_https !== "on")
{
    header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    exit(1);
}

The Apache mod_rewrite way:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

回复收藏 0 原文

佞臣 2024-07-11 09:17:17

// Force HTTPS for security
if($_SERVER["HTTPS"] != "on") {
    $pageURL = "Location: https://";
    if ($_SERVER["SERVER_PORT"] != "80") {
        $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    }
    header($pageURL);
}

// Force HTTPS for security
if($_SERVER["HTTPS"] != "on") {
    $pageURL = "Location: https://";
    if ($_SERVER["SERVER_PORT"] != "80") {
        $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    }
    header($pageURL);
}

回复收藏 0 原文

Oo萌小芽oO 2024-07-11 09:17:17

在负载均衡器后面运行时必须执行类似的操作。帽子提示https://stackoverflow.com/a/16076965/766172

function isSecure() {
    return (
        (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
     || $_SERVER['SERVER_PORT'] == 443
     || (
            (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
         || (!empty($_SERVER['HTTP_X_FORWARDED_SSL'])   && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
        )
    );
}

function requireHTTPS() {
    if (!isSecure()) {
        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], TRUE, 301);
        exit;
    }
}

Had to do something like this when running behind a load balancer. Hat tip https://stackoverflow.com/a/16076965/766172

function isSecure() {
    return (
        (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
     || $_SERVER['SERVER_PORT'] == 443
     || (
            (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
         || (!empty($_SERVER['HTTP_X_FORWARDED_SSL'])   && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
        )
    );
}

function requireHTTPS() {
    if (!isSecure()) {
        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], TRUE, 301);
        exit;
    }
}

回复收藏 0 原文

~没有更多了~