我有以下htaccess代码:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond !{HTTPS} off
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
我希望我的网站被重定向到https://www。使用HTTPS,并强制执行www。子域名, 但当我访问http://www时。(没有HTTPS),它不会重定向到https://www与HTTPS。
当前回答
有很多解决方案。这里有一个apache wiki的链接,它直接处理了这个问题。
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
其他回答
要首先强制使用HTTPS,您必须检查正确的环境变量%{HTTPS} off,但是上面的规则将www。因为你有第二条规则来执行www.,所以不要在第一条规则中使用它。
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
关于代理
在某些形式的代理背后,客户端通过HTTPS连接到代理、负载均衡器、Passenger应用程序等,%{HTTPS}变量可能永远不会打开,并导致重写循环。这是因为即使客户端和代理/负载均衡器使用的是HTTPS,应用程序实际上接收的是纯HTTP流量。在这些情况下,检查X-Forwarded-Proto报头,而不是%{HTTPS}变量。这个答案显示了适当的过程
糟糕的解决方案,为什么!
永远不要使用下面的解决方案,因为当你使用他们的代码时,它是这样的:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]
浏览器进入:
http://example.com
然后重定向到:
https://example.com
然后重定向到:
https://www.example.com
这对服务器来说请求太多了。
大多数答案甚至是公认的都有这个问题。
最好的解决方案和答案
这段代码有一个[OR]条件,以防止url的双重更改!
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]
类似于Amir Forsati的解决方案htaccess重定向到https://www,但对于变量域名,我建议:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%2%{REQUEST_URI} [R=301,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
这是我为代理用户和非代理用户找到的最好的方法
RewriteEngine On
### START WWW & HTTPS
# ensure www.
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ensure https
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### END WWW & HTTPS
