为整个服务器/域强制使用 https
我正在开发一些只能通过 https 访问的表单。 我有一个专用服务器,有自己的证书和所有好东西。
所以我的问题实际上有两个:
1)。 强制每个请求都为 https 的最佳方法是什么? 有没有比这个 .htacess/mod_rewrite 规则更好的方法:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2)。 强制所有内容都为 https 是否有任何潜在的陷阱或缺点,我应该考虑(除了开销,这似乎不是问题)?
I am developing a number of forms which should only be accessed via https. I have a dedicated server with its own cert and all the good stuff.
So my question is two-fold really:
1). What's the best way to force every request to be https? Is there a better way than this .htacess/mod_rewrite rule:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2). Are there any potential pitfalls or downside to forcing everything to be https that I should be thinking about (other than overhead, which wouldn't seem to be an issue anyway)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你所拥有的应该没问题,这就是我使用的:
R表示它是重定向而不是重写,L表示重写引擎不应执行任何操作更多重写。我最初在这里找到了这个: Httpd Wiki
编辑:
我忘了提及
SSLRequireSSL指令强制所有请求都通过 HTTPS。 详细信息可以在 Apache 文档中找到。What you have should be fine, this is what I use:
The
Rsignifies it's a redirect instead of a rewrite, and theLindicates that the rewrite engine should not perform any more rewrites.I originally found this here: Httpd Wiki
Edit:
I forgot to mention the
SSLRequireSSLdirective that forces all requests to be over HTTPS. Details can be found in the Apache Documentation.