使用 .htaccess 和 mod_rewrite 强制使用 SSL/https
如何使用 PHP 中特定的 .htaccess 和 mod_rewrite 页面强制使用 SSL/https。
How can I force to SSL/https using .htaccess and mod_rewrite page specific in PHP.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(9)
对于 Apache,您可以使用
mod_ssl
来使用SSLRequireSSL 指令
强制使用 SSL :但这不会重定向到 https。要重定向,请使用
mod_rewrite
尝试以下操作在您的 .htaccess 文件中中给出的任何各种方法
如果您的提供商禁用了 .htaccess(这不太可能,因为您要求这样做,但无论如何),您也可以在 PHP 中解决此问题
For Apache, you can use
mod_ssl
to force SSL with theSSLRequireSSL Directive
:This will not do a redirect to https though. To redirect, try the following with
mod_rewrite
in your .htaccess fileor any of the various approaches given at
You can also solve this from within PHP in case your provider has disabled .htaccess (which is unlikely since you asked for it, but anyway)
PHP 解决方案
直接借用 Gordon 非常全面的答案,我注意到您的问题提到了强制 HTTPS/SSL 连接时特定于页面的问题。
然后,在靠近您想要强制通过 PHP 连接的这些页面的顶部,您可以
require()
一个包含此(以及任何其他)自定义函数的集中文件,然后只需运行forceHTTPS()
函数。HTACCESS / mod_rewrite 解决方案
我个人还没有实现过这种解决方案(我倾向于使用 PHP 解决方案,如上面的解决方案,因为它很简单),但以下至少可能是一个好的开始。
PHP Solution
Borrowing directly from Gordon's very comprehensive answer, I note that your question mentions being page-specific in forcing HTTPS/SSL connections.
Then, as close to the top of these pages which you want to force to connect via PHP, you can
require()
a centralised file containing this (and any other) custom functions, and then simply run theforceHTTPS()
function.HTACCESS / mod_rewrite Solution
I have not implemented this kind of solution personally (I have tended to use the PHP solution, like the one above, for it's simplicity), but the following may be, at least, a good start.
基于 Mod-rewrite 的解决方案:
在 htaccess 中使用以下代码自动将所有 http 请求转发到 https。
这会将您的非 www 和 www http 请求重定向到 www 版本的 https。
另一个解决方案(Apache 2.4*)
这不适用于较低版本的 apache,因为自 2.4 以来,%{REQUEST_SCHEME} 变量被添加到 mod-rewrite 中。
Mod-rewrite based solution :
Using the following code in htaccess automatically forwards all http requests to https.
This will redirect your non-www and www http requests to www version of https.
Another solution (Apache 2.4*)
This doesn't work on lower versions of apache as %{REQUEST_SCHEME} variable was added to mod-rewrite since 2.4.
我只想指出,在跨目录深度使用多个 .htaccess 文件时,Apache 有最糟糕的继承规则。两个关键陷阱:
RewriteOptions InheritDownBefore
指令(或类似指令)来更改此设置。 (参见问题)这意味着 Apache Wiki 如果您在子目录中使用任何其他 .htaccess 文件,则无法工作。我写了一个修改版本,它的作用是:
I'd just like to point out that Apache has the worst inheritance rules when using multiple .htaccess files across directory depths. Two key pitfalls:
RewriteOptions InheritDownBefore
directive (or similar) to change this. (see question)This means the suggested global solution on the Apache Wiki does not work if you use any other .htaccess files in subdirectories. I wrote a modified version that does:
简单又容易,只需添加以下内容
Simple and Easy , just add following
这段代码对我有用
This code works for me
我将其写入 .htaccess 文件中,它有效
I wrote this into .htaccess file, it works
简单一:
将您的网址替换为 example.com
Simple one :
replace your url with example.com
试试这个代码,它适用于所有版本的网址,例如
http://www.website.com
try this code, it will work for all version of URLs like
http://www.website.com