htaccessredirect到https:// www
我有以下的htaccess代码:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond !{HTTPS} off RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule>
我希望我的网站被redirect到https://www.
与HTTPS,并执行www.
子域,但是当我访问http://www.
(没有HTTPS),它不会将我redirect到使用HTTPS的https://www
。
要首先强制执行HTTPS,您必须先检查正确的环境variables%{HTTPS} off
,但是您的规则会预先设置www.
由于您有第二个规则来执行www.
,不要在第一条规则中使用它。
RewriteCond %{HTTPS} off # First rewrite to HTTPS: # Don't put www. here. If it is already there it will be included, if not # the subsequent rule will catch it. RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Now, rewrite any request to the wrong domain to use www. # [NC] is a case-insensitive match RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
关于代理
当客户端通过HTTPS连接到代理,负载均衡器,乘客应用程序等某些forms的代理时, %{HTTPS}
variables可能永远不会on
并导致重写循环。 这是因为即使客户端和代理/负载均衡器正在使用HTTPS,您的应用程序实际上仍在接收纯HTTPstream量。 在这些情况下,请检查X-Forwarded-Proto
标题而不是%{HTTPS}
variables。 这个答案显示了适当的过程
Michals答案为我工作,虽然有一个小的修改:
问题:
当您拥有单个网站安全证书时 ,将尝试访问您的网页而不使用https:// www。 (或者您的证书所涵盖的任何域名)将在其收到redirect到安全正确的https页面之前显示一个丑陋的红色警告屏幕。
解
首先使用redirect到www(或任何您的证书所涵盖的域),然后只做httpsredirect。 这将确保您的用户不会遇到任何错误,因为您的浏览器发现一个不包含当前url的证书。
#First rewrite any request to the wrong domain to use the correct one (here www.) RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] #Now, rewrite to HTTPS: RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
如果您正在使用CloudFlare或类似的CDN,则会在此处提供的%{HTTPS}解决scheme中收到无限循环错误。 如果你是CloudFlare用户,你需要使用这个:
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
那里有很多解决scheme。 这里是一个链接到apache wiki,它直接处理这个问题。
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] # This rule will redirect users from their original location, to the same location but using HTTPS. # ie http://www.example.com/foo/ to https://www.example.com/foo/ # The leading slash is made optional so that this will work either in httpd.conf # or .htaccess context
这是我find的最好的方式,而不是代理用户
RewriteEngine On ### START WWW & HTTPS # ensure www. RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # ensure https RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ### END WWW & HTTPS
糟糕的解决scheme和为什么!
当你使用这个代码时:
RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301]
浏览器转到:
http://example.com
然后redirect到:
https://example.com
然后redirect到:
https://www.example.com
这对服务器来说太多了
最好的解决scheme和答案:
RewriteEngine on RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L]
此代码有一个[OR]
条件,以防止在URL更改!
要将http://或https://redirect到https:// www,您可以在所有版本的Apache上使用以下规则:
RewriteEngine on RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
Apache 2.4
RewriteEngine on RewriteCond %{REQUEST_SCHEME} http [OR] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R]
请注意,自%apache 2.4以来,%{REQUEST_SCHEME}variables可用。
如果你在CloudFlare上,确保你使用这样的东西。
# BEGIN SSL Redirect <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule> # END SSL Redirect
这将使您免于redirect循环,并将您的网站安全地redirect到SSL。
PS这是一个好主意,如果检查mod_rewrite.c!
设置在你的.htaccess文件中
RewriteEngine On RewriteCond %{HTTP_HOST} !^www. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L] RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
这将同时适用于https和www
RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]