将一页的 HTTP 重定向到 HTTPS

发布于 2024-11-30 08:39:43 字数 765 浏览 0 评论 0原文

我知道这个问题已经被问死了，但出于某种原因，在我读过的 20 篇文章中，没有一篇对我来说是正常的，希望有人能提供一些见解。

基本上，我有一个简单的购物车，我想将 2 个 uri 重定向到 HTTPS、我的结帐页面和我的管理文件夹：

/checkout
/admin

我可以使用以下代码成功重定向到 HTTPS 版本进行结帐：

RewriteEngine On
#https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^checkout https://palatinehillsestatewinery.com/checkout [R=301,L]

# remove index.php, this is just included to show everything in my .htaccess
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

我发现的问题这个和所有其他解决方案的一个问题是，一旦我决定返回一个不应该是 HTTPS 的页面，URL 就会保持 HTTPS。

我一直在摸索循环等。

如果有人可以帮助在这两个页面上重定向到 HTTPS，然后在所有其他页面上重定向到 http，那将是一个很大的帮助，非常感谢。

原文

I know this issue has been asked to death, but for some reason, out of the 20 posts that I've read, nothing is working properly for me and hopefully someone could shed some insight.

Basically, I have a simple shopping cart, where I want to redirect 2 uri's to HTTPS, my checkout page, and my admin folder:

/checkout
/admin

I can successfully redirect to the HTTPS version for checkout with the following code:

RewriteEngine On
#https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^checkout https://palatinehillsestatewinery.com/checkout [R=301,L]

# remove index.php, this is just included to show everything in my .htaccess
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

The problem I've found with this and all other solutions, is that once I decide to go back to a page that shouldn't be HTTPS, the url stays HTTPS.

I've been fumbling with loops etc.

If anyone could help with redirecting to HTTPS on just these 2 pages, and then http on all other pages, that would be a great help and much appreciated.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

贪了杯 2024-12-07 08:39:43

这不是直接回答你的问题，但我觉得我把它作为答案（而且它太大了，无法作为评论发布）。

我的建议：请停止使用 htaccess 来完成此类任务（强制少数 URL 使用 HTTPS，强制其余 URL 使用 HTTP）。

最好的方法是为所有链接（页面，而不是资源）生成完整 URL，其中 URL 包含域名和协议。在这种情况下，所有 URL 将立即具有正确的协议 (HTTP/HTTPS)。当然：如果（出于某种奇怪的原因）通过 HTTP 请求，您仍然可以修复（301 或 302 重定向）到假定为 https 的请求。这就是 .htaccess 可以安全、轻松地使用的地方。

如果用户将通过 HTTPS 请求普通页面（应通过 HTTP 提供服务）——然后让他这样做——这没有任何问题。是的——HTTPS 在服务器端需要更多的资源，但是如果您以这种方式生成所有链接，则几乎不会出现这种情况，除非用户专门更改协议。即使这样一个页面将通过 HTTPS 提供，他单击的下一个“正常”链接也将是 HTTP——1 个额外的基于 HTTPS 的页面视图不会杀死您的服务器。

当网站有安全区域时，我一直使用这种方法..并且根据日志，我们只有不到 0.01% 的所有页面视图是通过“错误”协议查看/尝试查看的——绝大多数其中包括机器人或尝试黑客/漏洞搜索。

基于这样的统计数据，我想说 - 它工作得很好。是的 - 你需要稍微改变你的代码/模板来实现这个..但这比搞乱 .htaccess 和mod_rewrite。

无论如何，以下是适合您的规则：

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# don't do anything for images/css/js
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(checkout|index.php/checkout)
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

或者

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/checkout
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

This is not answering your question directly, but I feel I put it as an answer (plus it is too big to post as a comment).

My advice: please stop playing with htaccess for this kind of task (force few URLs to use HTTPS and force the rest to use HTTP).

The best way is to generate FULL URLs for all links (pages, not resources), where URL includes domain name and protocol. In this case all URLs will have proper protocol (HTTP/HTTPS) straight away. Of course: you can still fix (301 or 302 redirect) requests to supposed-to-be-https if they (for some strange reason) are requested via HTTP. That's where .htaccess can be safely and easily used.

If user will request normal page (should be served over HTTP) via HTTPS -- then let him do it -- there is nothing wrong with that. Yes -- HTTPS requires a bit more resources on server side, but if you generate all links in such way, there will be virtually no such situations, unless user specifically changes protocol. Even if such one page will be served over HTTPS, the next "normal" link he click will be HTTP -- 1 extra HTTPS-based page view will not kill your server.

I'm using this approach all the time when site is having secure area .. and based on the logs, we have less than 0.01% of ALL page views that were viewed/attempted to be viewed via "wrong" protocol -- vast majority of them were bots or attempts to hack/vulnerability search.

Based on such stats I would say -- it is working perfectly. yes -- you need to alter you code/templates a bit to implement this .. but it is much better than messing with .htaccess and mod_rewrite.

In any case, here are the rules that would do the job for you:

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# don't do anything for images/css/js
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(checkout|index.php/checkout)
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/checkout
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

回复收藏 0 原文

~没有更多了~