如何将 https://www.example.com 重定向到 https://example.com
我环顾四周,似乎找不到明确的解决方案。我们遇到了一些小问题,一些访问者在我们的域中输入如下内容:
https://www.example.com - 这会发出安全警告“存在问题”本网站的安全证书。”
我们为 example.com 设置了 SSL,
因此如果有人输入 http://www.example.com 或 www.example.com > 这会被重定向到 https://example.com ,效果很好。
这是我的 .htaccess 文件中当前的内容:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
I have looked around and I can't seem to find a definitive solution for this. We are having a small problem with a few or our visitors that are typing in our domain as such:
https://www.example.com - This is giving a security warning "There is a problem with this website's security certificate."
We have an SSL set up for example.com
So if someone types in http://www.example.com or www.example.com this gets redirected to https://example.com which works fine.
This is what I have currently have in my .htaccess file:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,NC,L]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
编辑:
大多数 SSL 证书都是针对特定主机名颁发的,例如
www.example.com或只是example.com(并且可以有通配符)*.example.com的证书也是如此),因此可能是这种情况。也许将 www. 子域设置为最后一个RewriteCond中的可选匹配可能有助于让用户访问证书中指定的域:<罢工>
edit:
Most SSL certificates are issued for a specific hostname, e.g.
www.example.comor justexample.com(and there can be wildcard certificates for*.example.comtoo) so this might be the case.Maybe making the www. subdomain an optional match in the lastRewriteCondmight help to get the user to the domain stated in the certificate:我认为问题不在于重写/重定向规则,而在于 http 服务器处理 ssl 连接的方式。在服务器有机会查看重写/重定向规则之前,SSL 握手就会发生,如果我们有 example.com 的证书,并且我们输入 URL www.example.com 连接将由于证书无效而中止。请自行检查,设置重定向条件以将 URL www.example.com 指向 SSL 安全域上的 example.com。起初,您会收到无效的证书错误,但是当您向浏览器添加例外时,您会发现它有效。
I think the problem is not with the rewrite/redirect rules but simply with the way http servers handle ssl connection. Before even server has a chance to look into rewrite/redirect rules the SSL handshake take place and if we have a cert for example.com and we enter URL www.example.com connection will abort due to invalid certificate. Check for yourself, set up redirect condition to point URL www.example.com to example.com on SSL secured domain. At first you'll get invalid cert error, but when you add an exception to your browser you'll notice that it works.
尝试这个
而不是
Try this
instead of
你想做的事是不可能的。如果用户通过 SSL 访问 www.domain.cc,那么如果您没有有效的 SSL 证书,您将收到证书错误 - 即使您只想将他们重定向到正确的站点。
您需要 www.domain.cc 的新证书,或者说服您的注册商为您提供 *.domain.cc 的通配符证书,或者具有多个 subjectAltName 属性的证书。请参阅 http://www.crsr.net/Notes/Apache-HTTPS- virtual-host.html
或询问 SNA http://en.wikipedia.org/wiki/服务器名称指示
What you are trying to do is impossible. If a user accesses www.domain.cc over SSL, then you will get a certificate error if you do not have a valid SSL certificate - even if all you want to do is redirect them to the correct site.
You will either need a new certificate for www.domain.cc, or convince your registrar to give you a wildcard certificate for *.domain.cc, or one with multiple subjectAltName properties. See http://www.crsr.net/Notes/Apache-HTTPS-virtual-host.html
Or ask for SNA http://en.wikipedia.org/wiki/Server_Name_Indication
首先,您需要一个涵盖
www.xxxx.yyy和xxxx.yyy的 SSL 证书。如果您获得了
www.xxxx.yyy的证书,您的提供商可能会涵盖两者,但如果您获得的是xxxx.yyy的证书,则仅涵盖该证书。仔细阅读他们的条件。我读过很多关于如何重定向的建议,其中有各种各样的临时意见,结果各不相同,而且大多没有任何正式的解释。
当然,这意味着要访问 Apache
.htaccess参考并按照第一原则进行工作。重申一下,主要要求是将所有 http(s) 请求重定向到
https://xxxx.yyy。与往常一样,打开重写引擎:
对于 http,即:
但是,对 https(端口 = 443)执行相同操作将强制出现循环,该循环会因错误而崩溃。我们必须限制该过程仅适用于
https和www。我们通过在一行中提供两个RewriteCond语句来实现此目的,这两个语句被视为隐式 AND:在
RewriteRule的末尾,[L,R]告诉重写引擎:L= 在该规则处停止。也就是说,如果规则因其条件 (RewriteCond) 得到满足而被执行,则在完成后停止,否则转到下一个条件/规则集。R= 向浏览器发出 HTTP 重定向(默认代码 = 302),因此可以采取用户或自动操作来更新书签,因此它们始终使用https://xxxx.yyy将来。Firstly, you will need an SSL certificate that covers both
www.xxxx.yyyandxxxx.yyy.Your provider may cover both if you get the cert for
www.xxxx.yyy, but only thexxxx.yyyif you get it for that. Read their conditions carefully.I had read so many suggestions as to how to redirect, with all manner of ad-hoc opinions, with varying results, and mostly without any formal explanation.
Of course, that means going to the Apache
.htaccessreference and working from first principles was in order.Just to reiterate, the main requirement is to redirect all http(s) requests to
https://xxxx.yyy.As always, turn the rewrite engine on:
For http, that is:
However, doing the same for https (port = 443), will force a loop, which bombs out with an error. We have to restrict the process to only working for the
httpsandwww. We do this by providing twoRewriteCondstatements in a row, which are treated as an implicit AND:At the end of the
RewriteRule, the[L,R]tells the rewrite engine to:L= stop at that rule. That is, if a rule is executed because its conditions (RewriteCond) were satisfied, stop when done, else go to the next conditions/rule set.R= issue a HTTP redirect (default code = 302) to the browser, so user or automatic action can be taken to update bookmarks, so they always use thehttps://xxxx.yyyin future.