apache 使用“mod_rewrite”如何强制某些路径使用 HTTPS,而所有其他路径使用 HTTP?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1816119/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using 'mod_rewrite' how do I force HTTPS for certain paths and HTTP for all others?
提问by Ryall
I have a PHP-Apache application using mod_rewritefor clean URLs. I am having a lot of touble getting certain pages and paths forced to HTTPS while also ensuring all others will remain as HTTP.
我有一个mod_rewrite用于干净 URL的 PHP-Apache 应用程序。我在将某些页面和路径强制为 HTTPS 的同时也确保所有其他页面和路径保持为 HTTP 时遇到了很多麻烦。
Here is an example of what I mean:
这是我的意思的一个例子:
// http://www.example.com/panel/ -> Should always redirect to HTTPS
// http://www.example.com/store/ -> Should always redirect to HTTPS
// Anything not in the above should always be HTTP
// so...
// https://www.example.com/not-in-above-rules -> Should always redirect to HTTP
Any ideas?
有任何想法吗?
回答by tersmitten
You can put something like this in your :80 vhost:
你可以在你的 :80 vhost 中放置这样的东西:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(panel/|store/payment) https://%{HTTP_HOST}%{REQUEST_URI}
And this in your :443 vhost:
这在您的 :443 vhost 中:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule !^(panel/|store/payment) http://%{HTTP_HOST}%{REQUEST_URI}
回答by yfeldblum
The general rule of good security is: if someof your site requires HTTPS, then allof your site requires HTTPS. If you will be using HTTPS in the payment section, then your landing page should be HTTPS as well.
良好安全的一般规则是:如果您的某些站点需要 HTTPS,那么您的所有站点都需要 HTTPS。如果您将在付款部分使用 HTTPS,那么您的登录页面也应该是 HTTPS。
回答by Ass3mbler
to do it:
去做吧:
RewriteCond %{HTTP_HOST} ^www.example.com(:80)?$
RewriteRule ^/panel/(.*) https://www.example.com/panel/$1 [R=301,L]
RewriteRule ^/panel/(.*) https://www.example.com/panel/$1 [R=301,L]
the same for the other path
另一条路径相同
Hope it helps
希望能帮助到你
回答by toastyghost
None of these solutions works with pretty url's. One suggestion: we were getting browser security warnings just using the http_host in the rewrite. Evidently, Thawte is retarded and therefore prefixing with 'www' or not makes a difference as to the perceived validity of the certificate. Here are a few lines to ensure that redirects to the secure site are always prefixed with 'www':
这些解决方案都不适用于漂亮的网址。一个建议:我们只是在重写中使用 http_host 就收到了浏览器安全警告。显然,Thawte 是智障,因此前缀“www”与否对证书的感知有效性产生影响。这里有几行确保重定向到安全站点的前缀总是带有“www”:
RewriteCond %{HTTP_HOST} ^www\.mysite\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^mysite\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://www.${HTTP_HOST}%{REQUEST_URI}
Or to do it in a little less space, you could drop the 2nd line and hard-code the domain in the 4th. I'm sure there's a more elegant way of doing it, but htaccess is frustrating, and this works.
或者要在更少的空间内完成,您可以删除第 2 行并在第 4 行硬编码域。我确信有一种更优雅的方式来做到这一点,但 htaccess 令人沮丧,而这行得通。
