How to enable SSL only on specified XAMPP director

2020-08-01 04:32发布

站内文章 / 前端开发
88 0 0

问题:

I've been able to use makecert to make a self signed cert which currently enables HTTPS on all directories in C://XAMPP/htdocs

I have two directories which I want to be different,

c:/XAMPP/htdocs/PLACEHOLDER1 
c:/XAMPP/htdocs/PLACEHOLDER2

I was wondering if it'd be possible have the SSL scope limited to one directory, say in this case 'placeholder1'.

It's my first time using SSL so sorry for any confusions.

回答1:

http://robsnotebook.com/xampp-ssl-encrypt-passwords has some good information on how to make folders accessible by SSL encryption only. It specifically covers these two items, this is not a direct quote, but is an excerpt of the essence to answer your question:

Make folders accessible with SSL encryption only
First, we need to inform Apache that the folders you want to encrypt should use always use encryption (and never go in the clear). This is accomplished by putting an SSLRequireSSL directive inside of each desired <Directory> listing in the config files (it is ok to put it at the end, just before the </Directory>).

Alias /web_folder_name "C:/xampp/foldername"
<Directory "C:/xampp/foldername">
    ...
    ...
    SSLRequireSSL
</Directory>

Redirect “http” to “https” for certain folders

This next optional step is to redirect “http” requests to “https” requests for the pages we want to secure. This is more user friendly and allows you to still use http when you type in the address (and automatically switch to https:// and encryption). If you don’t do this, and you used SSLRequireSSL, you will only be able to access these pages by typing https://. This is fine and probably a little bit more secure, but is not so user friendly. To accomplish the redirection, we will use mod_rewrite so that we don’t have to use the server name in this part of the config file. This helps keep small the number of places in the config files where the server name is written (making your config files more maintainable).

First, we need to make sure that mod_rewrite is enabled. To do this, edit c:\xampp\apache\conf\httpd.conf and get rid of the comment (# character) in this line:

#LoadModule rewrite_module modules/mod_rewrite.so

to make it look like this:

LoadModule rewrite_module modules/mod_rewrite.so

Now, paste the following text into the top of c:\xampp\apache\conf\extra\httpd-xampp.conf:

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect /xampp folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} xampp
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /phpMyAdmin folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} phpmyadmin
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /security folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} security
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /webalizer folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} webalizer
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</IfModule>

If you have other folders you want to redirect to https://, add the generic text below (but substitute your folder name):

# Redirect /folder_name folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} folder_name
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]


标签: apache ssl xampp
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~