How do I force HTTPS (Cloudflare Flexible SSL)?

2019-03-04 14:30发布

站内问答 / PHP
1283 5 6

I am using Cloudflare Flexible SSL on a website I programmed myself (no framework or CMS). Everything is working and now I want to use HTTPS on the whole site. I use PHP on Apache web server.

I am wondering how I should approach this and redirect all users to HTTPS.

Currently my .htaccess is set up like this:

# Force www.
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

I have seen this answer on stackoverflow, but it points to another answer which is not as simple and doesn't recommend rewrites.

This is the Apache recommendation:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost >

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost >

But frankly, I have no clue what this means.

How can I redirect users to HTTPS and www? Anything I should be aware of, when switching to HTTPS?

5条回答
我只想做你的唯一
2楼-- · 2019-03-04 14:53

The best way is to use Cloudflare.

On the Cloudflare website:

  1. Go to "Page Rules" top button
  2. Add new rule: Always use https [ON]

Or you can use in your .htaccess:

RewriteEngine On
# Redirect with www
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC,OR]
# Redirect to https
#    With Cloudflare:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
#    Without Cloudflare:
# RewriteCond %{HTTPS} off 
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,R=301,L]
查看更多
0人赞 添加讨论(0) 举报
我想做一个坏孩纸
3楼-- · 2019-03-04 14:56

You could try putting this in your .htaccess file.

RewriteEngine On
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.example.com$1 [L]

This will check to see if the visitor is visiting over http. If so it will redirect to the https version of the same page.

查看更多
0人赞 添加讨论(0) 举报
三岁会撩人
4楼-- · 2019-03-04 14:58

Something like this might work:

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
查看更多
0人赞 添加讨论(0) 举报
叛逆
5楼-- · 2019-03-04 14:59

Well I Think there is an easy way to do
just open cloud flare dashbaoard
go to crypto section
in SSL section select full scroll down and you will see this section

Always Use HTTPS Redirect all requests with scheme “HTTP” to “HTTPS”. This applies to all HTTP requests to the zone.
turn it to on
all done

Source

查看更多
0人赞 添加讨论(0) 举报
虎瘦雄心在
6楼-- · 2019-03-04 15:06

Looks like all of the previous answers are out-of-date.

Here's what worked for me:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP:CF-Visitor} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I came up with this by going to the support article How do I fix the infinite redirect loop error after enabling Flexible SSL with WordPress?. Then I went to the the linked CloudFlare Flexible SSL. I looked at the source code and I found this:

public function run() {

  $aIcwpHttpsServerOpts = array( 'HTTP_CF_VISITOR', 'HTTP_X_FORWARDED_PROTO' );
  foreach( $aIcwpHttpsServerOpts as $sOption ) {

    if ( isset( $_SERVER[ $sOption ] ) && ( strpos( $_SERVER[ $sOption ], 'https' ) !== false ) ) {
      $_SERVER[ 'HTTPS' ] = 'on';
      break;
    }
  }

  if ( is_admin() ) {
    add_action( 'admin_init', array( $this, 'maintainPluginLoadPosition') );
  }
}

Then I translated that into an .htaccess rule.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)