我试图重定向所有不安全的HTTP请求在我的网站(例如http://www.example.com)到HTTPS (https://www.example.com)。我如何在.htaccess文件中做到这一点?
我用的是PHP。
当前回答
我发现最好的方式https和www域名是
RewriteCond %{HTTPS} off
RewriteCond %{HTTPS_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
其他回答
Not only can you do this in your .htaccess file, you should be doing this period. You will also want to follow the steps here to get your site listed on the HSTS preload list after you implement this redirect so that any requests to the insecure http version of your website never make it past the user agent. Instead, the user agent checks the requested URI against a baked in list of https only websites and, if the requested URI is on that list, changes the protocol from http to https before transmitting the request to the server. Therefore, the insecure request never makes it out into the wild and never hits the server. Eventually when the internet changes over to https only the HSTS preload list will not be needed. Until then, every site should be using it.
为了执行重定向,我们需要启用重写引擎,然后将所有流量从http端口80重定向到https。
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourwebsite.tld/$1 [L,R=301]
这将重定向所有的url到https和www
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTPS_HOST} !^www.example.com$ [NC,OR]
RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
把这段代码放到你的。htaccess文件中 自动将HTTP重定向到HTTPS
RewriteEngine上 重写%{HTTPS} off RewriteRule ^(. *)美元https://% {HTTP_HOST} % {REQUEST_URI} (L, R = 301)
如果希望从tomcat服务器执行以下步骤
在一个独立的Apache Tomcat (8.5.x) HTTP服务器中,如何配置它,以便如果用户输入www.domain.com,他们将被自动转发到https(www.domain.com)站点。
2步方法:在[Tomcat_base]/conf/web.xml的结束标记之前包含以下内容
step 1:
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
设置[Tomcat_base]/conf/server.xml连接器设置:
step 2:
<Connector URIEncoding="utf-8" connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="[keystorelocation]" type="RSA" />
</SSLHostConfig>
</Connector>
注意:如果您已经进行了https配置并尝试重定向,则只执行第1步。
这将会有帮助。
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
此外,参考这更多的细节。如何重定向Http到Https?
推荐文章
- 最好的方法在asp.net强制https为整个网站?
- 如何阻止恶意代码欺骗“Origin”报头来利用CORS?
- 阻止人们入侵基于php的Flash游戏高分表的最佳方法是什么
- 为什么说“HTTP是无状态协议”?
- 我需要HTTP GET请求的内容类型报头吗?
- 如何允许本地主机上的Apache使用HTTPS ?
- 如何让Chrome允许混合内容?
- 无法识别的SSL消息,明文连接?异常
- 正确的方式删除cookies服务器端
- REST DELETE真的是幂等的吗?
- 了解Chrome网络日志“停滞”状态
- 在.htaccess中将非www重定向到www
- 用户代理字符串可以有多大?
- 什么是接受* HTTP报头q=0.5 ?
- HTTP状态码200(缓存)和状态码304之间有什么区别?
