当前位置: 文江博客 话题详情

使用 .htaccess 在 HTTP 和 HTTPS 之间正确切换

发布于 2024-07-26 04:04:16 字数 225 浏览 4 评论 0 原文

我们有一个购物网站,托管在共享主机(Mediatemple Gridserver)上。 网站的某些部分需要使用 HTTPS(结帐等),但其余部分应使用 HTTP。

有谁知道我们如何始终强制对特定 URL 正确使用 HTTP/HTTPS? 我们已经让它在各种状态下工作,但我们无法收到对应该在 HTTP 上但通过 HTTPS 请求正确切换回来的页面的请求。

我环顾四周,但找不到合适的答案。

原文

We've got a shopping site which we're hosting on a shared host (Mediatemple Gridserver). Some parts of the site need to use HTTPS (checkout etc) but the rest should be using HTTP.

Does anyone know how we can always force the correct use of HTTP/HTTPS for particular URLs? We've had it working in various states but we can't get a request for a page that should be on HTTP but is requested with HTTPS to switch back correctly.

I've had a look around SO but couldn't find a suitable answer to this.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

嘿哥们儿 2024-08-02 04:04:16

我在 WordPress 中的管理文件夹中使用了与此类似的内容:

#redirect all https traffic to http, unless it is pointed at /checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout/?.*$
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]

RewriteCond %{HTTPS} on 部分可能不适用于所有 Web 服务器。 例如,我的网站主机需要 RewriteCond %{HTTP:X-Forwarded-SSL} on

如果您想强制执行相反的操作,请尝试:

#redirect all http traffic to https, if it is pointed at /checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/checkout/?.*$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]

如果您想要一些替代方法来执行此操作,请查看 询问apache

I use something similar to this for my admin folder in wordpress:

#redirect all https traffic to http, unless it is pointed at /checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout/?.*$
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]

The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance.

If you want to force the reverse, try:

#redirect all http traffic to https, if it is pointed at /checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/checkout/?.*$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]

If you want some alternate ways to do it, check out askapache.

回复 原文
不顾 2024-08-02 04:04:16

这应该适用于几乎所有场景,并且应该适用于您的实际虚拟主机或 .htaccess:(

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

不要忘记 %{REQUEST_URI} 之前的斜杠,因为这可能允许传递端口号,这是危险的)

This should work in pretty much every scenario and should work in your actual vhost or .htaccess:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

(do not forget the slash before %{REQUEST_URI} as this may allow passing a portnumber, which is dangerous)

回复 原文
随梦而飞# 2024-08-02 04:04:16 
RewriteEngine on
RewriteCond %{HTTPS} off [OR] 
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

我在负载均衡器后面遇到了一些问题。 这就是我修复它的方法。

RewriteEngine on
RewriteCond %{HTTPS} off [OR] 
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

I had some problem being behind a loadballancer. This how i fixed it.

回复 原文
原谅过去的我 2024-08-02 04:04:16

对我来说这个工作(我将它用于 WordPress 网站并重定向到 HTTPS)。 您必须在 RewriteEngine 和 RewriteBase 行后面添加条件和规则行:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# I added these two lines for redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
# (end of custom modifications)

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress`

查看条件 RewriteCond %{HTTP:X-Forwarded-Proto} !https - 只有这适用于我的服务器托管。
(我也尝试了 RewriteCond %{SERVER_PORT} !^443$RewriteCond %{HTTPS} off,但没有成功。

For me worked this (I used it for wordpress site and redirecting to HTTPS). You have to add the condition and rule lines just behind RewriteEngine and RewriteBase lines:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# I added these two lines for redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
# (end of custom modifications)

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress`

Have a look to condition RewriteCond %{HTTP:X-Forwarded-Proto} !https - only this worked for my server hosting.
(I tried RewriteCond %{SERVER_PORT} !^443$ or RewriteCond %{HTTPS} off as well, but without success.

回复 原文
墨小沫ゞ 2024-08-02 04:04:16

此答案中详细介绍的,修复您的应用程序以在需要时使用 https:// 链接。 不要依赖自动重定向,如果您没有通过 https:// 访问 https:// 提供链接/表单,这可能会导致您产生错误的安全感 URL 也是如此。 自动使用 mod_rewrite 会使检测此类错误(也可能是漏洞)变得更加困难。

As detailed in this answer, fix your application to use https:// links when needed. Don't rely on automatic redirections, this could lead you to a false sense of security if you haven't made your links/forms served over https:// go to https:// URLs too. Using mod_rewrite automatically makes it harder to detect such mistakes (which can also be vulnerabilities).

回复 原文
沉鱼一梦 2024-08-02 04:04:16

我认为应该是:

RewriteCond %{HTTPS}  =on
^/checkout(.*) http://shoppingsite.com/checkout$1 [R]

请参阅 mod_rewrite 文档。

I think it should be:

RewriteCond %{HTTPS}  =on
^/checkout(.*) http://shoppingsite.com/checkout$1 [R]

See the mod_rewrite documentation.

回复 原文
~没有更多了~

关于作者

请远离我

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

内心激荡

文章 0 评论 0

JSmiles

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

左秋

文章 0 评论 0

迪街小绵羊

文章 0 评论 0

瞳孔里扚悲伤

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文