我在谷歌和StackOverflow周围搜索,试图找到一个解决方案,但他们似乎都与ASP有关。净等。
我通常在我的服务器上运行Linux,但对于这个客户端,我使用带有IIS 7.5(和Plesk 10)的Windows。这就是为什么我对IIS和web有点不熟悉的原因。配置文件。在.htaccess文件中,您可以使用重写条件来检测协议是否为HTTPS并相应地重定向。有没有一个简单的方法来实现这一点使用网络。配置文件,甚至使用'URL重写'模块,我已经安装?
我没有ASP的经验。NET因此,如果这涉及到解决方案,那么请包括如何实现的明确步骤。
我这样做的原因是。配置而不是PHP是我想强制HTTPS在网站内的所有资产。
在.Net Core中,请遵循https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl上的说明
在startup.cs中添加以下内容:
// Requires using Microsoft.AspNetCore.Mvc;
public void ConfigureServices(IServiceCollection services)
{
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});`enter code here`
要将Http重定向到Https,请在startup.cs . xml文件中添加以下内容
// Requires using Microsoft.AspNetCore.Rewrite;
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
var options = new RewriteOptions()
.AddRedirectToHttps();
app.UseRewriter(options);
当您在AWS上使用带有应用程序负载均衡器的IIS 10时,必须按以下方式配置重定向。
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="^(www\.)?dname\.com$" />
</conditions>
<action type="Redirect" url="https://www.dname.com{REQUEST_URI}" />
</rule>
如果你有子域重定向使用如下:
<!--START REDIRECT TO HTTPS-->
<rule name="Force HTTPS" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_X_Forwarded_Proto}" pattern="^https$" negate="true" />
<add input="{HTTP_HOST}" pattern="subdomain\.domain\.com$" />
</conditions>
<action type="Redirect" url="https://subdomain.domain.com{REQUEST_URI}" />
</rule>
<!--END REDIRECT TO HTTPS-->
我不允许在我的环境中安装URL重写,所以,我找到了另一个路径。
把这个加到我的网里。config添加了错误重写,并适用于iis7.5:
<system.webServer>
<httpErrors errorMode="Custom" defaultResponseMode="File" defaultPath="C:\WebSites\yoursite\" >
<remove statusCode="403" subStatusCode="4" />
<error statusCode="403" subStatusCode="4" responseMode="File" path="redirectToHttps.html" />
</httpErrors>
然后,按照这里的建议:https://www.sslshopper.com/iis7-redirect-http-to-https.html
我将IIS网站配置为需要SSL,并创建了html文件,在403(禁止)错误时执行重定向(redirectToHttps.html):
<html>
<head><title>Redirecting...</title></head>
<script language="JavaScript">
function redirectHttpToHttps()
{
var httpURL= window.location.hostname + window.location.pathname + window.location.search;
var httpsURL= "https://" + httpURL;
window.location = httpsURL;
}
redirectHttpToHttps();
</script>
<body>
</body>
</html>
我希望有人发现这是有用的,因为我无法找到所有的碎片在一个地方在其他地方。
为了补充LazyOne的答案,这里有一个注释版本的答案。
<rewrite>
<rules>
<clear />
<rule name="Redirect all requests to https" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action
type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
Clear all the other rules that might already been defined on this server. Create a new rule, that we will name "Redirect all requests to https". After processing this rule, do not process any more rules! Match all incoming URLs. Then check whether all of these other conditions are true: HTTPS is turned OFF. Well, that's only one condition (but make sure it's true). If it is, send a 301 Permanent redirect back to the client at http://www.foobar.com/whatever?else=the#url-contains. Don't add the query string at the end of that, because it would duplicate the query string!
这就是属性、属性和一些值的含义。
clear removes all server rules that we might otherwise inherit.
rule defines a rule.
name an arbitrary (though unique) name for the rule.
stopProcessing whether to forward the request immediately to the IIS request pipeline or first to process additional rules.
match when to run this rule.
url a pattern against which to evaluate the URL
conditions additional conditions about when to run this rule; conditions are processed only if there is first a match.
logicalGrouping whether all the conditions must be true (MatchAll) or any of the conditions must be true (MatchAny); similar to AND vs OR.
add adds a condition that must be met.
input the input that a condition is evaluating; input can be server variables.
pattern the standard against which to evaluate the input.
ignoreCase whether capitalization matters or not.
action what to do if the match and its conditions are all true.
type can generally be redirect (client-side) or rewrite (server-side).
url what to produce as a result of this rule; in this case, concatenate https:// with two server variables.
redirectType what HTTP redirect to use; this one is a 301 Permanent.
appendQueryString whether to add the query string at the end of the resultant url or not; in this case, we are setting it to false, because the {REQUEST_URI} already includes it.
服务器变量为
{HTTPS}是关闭或打开。
{HTTP_HOST}是www.mysite.com,和
{REQUEST_URI}包含URI的其余部分,例如/home?键=值
浏览器处理#片段(参见LazyOne的评论)。
参见:https://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-configuration-reference