重定向到 http
我的 .htaccess 中有一些重写规则,如果它是安全区域,则将域切换到 https。 如果不是安全区域,我希望它切换回 http,这是我的规则:
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/account(.*)$
RewriteCond %{REQUEST_URI} !^/shop/checkout(.*)$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^account(.*)$ https://www.domain.com/account$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^shop/checkout(.*)$ https://www.domain.com/shop/checkout$1 [R,L]
# Route all traffic to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?_args=$1 [L,QSA]
前 3 行未注释,因为它会导致重定向循环。 任何帮助表示赞赏
I have some rewrite rules in my .htaccess that switches the domain to https if its a secure area.
I want it to switch back to http if its not a secure area, heres my rules:
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/account(.*)$
RewriteCond %{REQUEST_URI} !^/shop/checkout(.*)$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^account(.*)$ https://www.domain.com/account$1 [R,L]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^shop/checkout(.*)$ https://www.domain.com/shop/checkout$1 [R,L]
# Route all traffic to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?_args=$1 [L,QSA]
the first 3 lines are uncommented as it resulting in a redirect loop.
any help appreciated
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
它会导致重定向循环,因为您的
RewriteCond
对的计算结果始终为true
。您首先要检查您是否确实位于 SSL 端口上,然后要确保请求与您的安全路径不匹配。因此,您的三行注释掉的行应更改为:
编辑: 显然,您确实需要在该重定向上显式
[R,L]
。此外,mod_rewrite
执行 URL/index.php
的内部重定向,该重定向与RewriteCond
检查的安全路径不匹配,因此重写的规则被重新重写回http域。以下内容应该可以解决这两个问题,尽管是以一种不太万无一失的方式:理论上人们仍然可以通过
http://www.domain.com/index.php?_args=account
不安全地进入这样,如果这让您感到困扰,可以编写一些更复杂的RewriteCond
指令来处理这种情况。如果你不担心的话,这有点矫枉过正了。不幸的是,我不知道有什么好方法可以知道是否执行了内部重写,否则这会更容易解释。It results in a redirect loop because your
RewriteCond
pair will always evaluate totrue
. You first want to check that you're actually on the SSL port, then you want to make sure that the request doesn't match your secure paths.Your three commented-out lines should therefore be changed to this:
Edit: Apparently you do actually need the explicit
[R,L]
on that redirect. Additionally,mod_rewrite
performs an internal redirection of the URL/index.php
, which doesn't match the secure paths checked for by theRewriteCond
s, so the rewritten rule gets re-rewritten back to the http domain. The following should resolve both of these issues, albeit in a somewhat non-foolproof way:People could still theoretically come in unsecured via
http://www.domain.com/index.php?_args=account
this way, so if that bothers you it's possible to write some more complexRewriteCond
directives to handle that situation. It's a bit overkill though if you aren't worried about that. Unfortunately there's no good way that I'm aware of to know that an internal rewrite was performed, otherwise this would be much easier to account for.