Correctly switching between HTTP and HTTPS using .

2020-01-25 06:41发布

站内问答 / 前沿技术
988 6 6

We've got a shopping site which we're hosting on a shared host (Mediatemple Gridserver). Some parts of the site need to use HTTPS (checkout etc) but the rest should be using HTTP.

Does anyone know how we can always force the correct use of HTTP/HTTPS for particular URLs? We've had it working in various states but we can't get a request for a page that should be on HTTP but is requested with HTTPS to switch back correctly.

I've had a look around SO but couldn't find a suitable answer to this.

6条回答
萌系小妹纸
2楼-- · 2020-01-25 06:56

This should work in pretty much every scenario and should work in your actual vhost or .htaccess:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

(do not forget the slash before %{REQUEST_URI} as this may allow passing a portnumber, which is dangerous)

查看更多
0人赞 添加讨论(0) 举报
戒情不戒烟
3楼-- · 2020-01-25 06:58

As detailed in this answer, fix your application to use https:// links when needed. Don't rely on automatic redirections, this could lead you to a false sense of security if you haven't made your links/forms served over https:// go to https:// URLs too. Using mod_rewrite automatically makes it harder to detect such mistakes (which can also be vulnerabilities).

查看更多
0人赞 添加讨论(0) 举报
The star\"
4楼-- · 2020-01-25 07:05 
RewriteEngine on
RewriteCond %{HTTPS} off [OR] 
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

I had some problem being behind a loadballancer. This how i fixed it.

查看更多
0人赞 添加讨论(0) 举报
Animai°情兽
5楼-- · 2020-01-25 07:15

For me worked this (I used it for wordpress site and redirecting to HTTPS). You have to add the condition and rule lines just behind RewriteEngine and RewriteBase lines:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# I added these two lines for redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
# (end of custom modifications)

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress`

Have a look to condition RewriteCond %{HTTP:X-Forwarded-Proto} !https - only this worked for my server hosting. (I tried RewriteCond %{SERVER_PORT} !^443$ or RewriteCond %{HTTPS} off as well, but without success.

查看更多
0人赞 添加讨论(0) 举报
对你真心纯属浪费
6楼-- · 2020-01-25 07:17

I use something similar to this for my admin folder in wordpress:

#redirect all https traffic to http, unless it is pointed at /checkout
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/checkout/?.*$
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]

The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance.

If you want to force the reverse, try:

#redirect all http traffic to https, if it is pointed at /checkout
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/checkout/?.*$
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]

If you want some alternate ways to do it, check out askapache.

查看更多
0人赞 添加讨论(0) 举报
我命由我不由天
7楼-- · 2020-01-25 07:18

I think it should be:

RewriteCond %{HTTPS}  =on
^/checkout(.*) http://shoppingsite.com/checkout$1 [R]

See the mod_rewrite documentation.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)