apache 为整个服务器/域强制使用 https
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/567434/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Force https for entire server/domain
提问by da5id
I am developing a number of forms which should only be accessed via https. I have a dedicated server with its own cert and all the good stuff.
我正在开发一些只能通过 https 访问的表单。我有一个带有自己的证书和所有好东西的专用服务器。
So my question is two-fold really:
所以我的问题实际上有两个方面:
1). What's the best way to force every request to be https? Is there a better way than this .htacess/mod_rewrite rule:
1)。强制每个请求都为 https 的最佳方法是什么?有没有比这个 .htacess/mod_rewrite 规则更好的方法:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2). Are there any potential pitfalls or downside to forcing everything to be https that I should be thinking about (other than overhead, which wouldn't seem to be an issue anyway)?
2)。强制一切都为 https 是否有任何潜在的陷阱或缺点,我应该考虑(除了开销,这似乎不是问题)?
回答by John Rasch
What you have should be fine, this is what I use:
你所拥有的应该没问题,这是我使用的:
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/ [R,L]
The Rsignifies it's a redirect instead of a rewrite, and the Lindicates that the rewrite engine should not perform any more rewrites.
在R表示这是一个重定向,而不是重写,并L表示该重写引擎不应该执行任何更多的重写。
I originally found this here: Httpd Wiki
我最初在这里找到了这个:Httpd Wiki
Edit:
编辑:
I forgot to mention the SSLRequireSSLdirective that forces all requests to be over HTTPS. Details can be found in the Apache Documentation.
我忘了提及SSLRequireSSL强制所有请求都通过 HTTPS的指令。详细信息可以在Apache 文档中找到。
