使用 mod_rewrite 在某些页面上从强制 SSL 切换回来时出现问题
客户希望通过 https 加载登录页面。这很容易完成,但由于该网站使用漂亮的 url,因此在登录完成后单击时,我们现在保持在 https 模式。如果用户具有适当的权限,这会破坏在 CMS 中上传、存储在 webroot 上以及通过 php 脚本流式传输下载的安全文件。因此,当我们不再处于登录页面时,我们需要切换回常规 http。这是我的 .htaccess 文件中的内容:
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(login\.php|members\.php)$ https://www.%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteRule !^(login\.php|members\.php)$ http://%{HTTP_HOST}%{REQUEST_URI}
除了最后一行之外,一切都工作正常,它被漂亮的 url 和重定向到 view.php 所混淆(它处理将漂亮的 url 查找代码转换为查询字符串中使用的数据库 ID) )如果我使用 {REQUEST_URI},则主页如果我使用 $1 或路径。
我需要找到一种方法来使此重写切换回 http 模式,绕过漂亮的 url 重写,但我不知道如何获取输入的实际地址,而不是 Apache 重写的地址。
请帮忙并提前致谢!
Client wants login pages to load via https. This is easily accomplished, but since the site uses pretty url's, we now stay in https mode when clicking around after login is finished. This breaks secure files which are uploaded in the CMS, stored above webroot, and downloaded by streaming through a php script if user has the appropriate permissions. So, we need to switch back to regular http when we're no longer on a login page. Here's what I have in my .htaccess file:
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(login\.php|members\.php)$ https://www.%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteRule !^(login\.php|members\.php)$ http://%{HTTP_HOST}%{REQUEST_URI}
Everything is working fine except the last line, which is getting confused by the pretty url's and redirecting to view.php (which handles translating pretty url lookup codes to database id's that are used in the querystring) if I use {REQUEST_URI}, and the homepage if I use $1 or the path.
I need to figure out a way to make this rewrite to switch back to http mode bypass the pretty url rewrite, but I don't know how to get the actual address that was typed in rather than what it was rewritten to by Apache.
Please help and thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以从 请求行THE_REQUEST 中的 a>:
You could grab the original requested URI path from the request line in THE_REQUEST: