重定向的https:// WWW到https://非www - 没有看到证书错误,可能吗? [英] Redirecting https://www to https://non-www - without seeing certificate error, possible?
问题描述
所以,我的SSL证书只适用于的 https://example.com 的 - 不是的 https://www.example.com 的(不能抱怨,这是免费)。
冒险进入的mod_rewrite和大量阅读(主要来自计算器),我有一个做最什么,我需要一个.htaccess文件之后,这里要说的是文件(域节录当然)。
< IfModule mod_rewrite.c>
RewriteEngine叙述上
#First重写任何请求错误的域使用正确的
的RewriteCond%{HTTP_HOST}!^子域\。
的RewriteCond%{HTTP_HOST} ^(WWW | FTP |邮件)\例如\ .COM [NC]
重写规则^(。*)$ http://example.com/$1 [R = 301,L]
#REDIRECT这些子域名到子文件夹
的RewriteCond%{HTTP_HOST} ^([^ /] +)\。例如\ .COM $
的RewriteCond%1 ^!(WWW | FTP |邮件)$ [NC]
重写规则(+)$http://example.com/%1[L,P]
#Now,改写为HTTPS:
的RewriteCond%{} HTTPS关闭
的RewriteCond%{HTTP:X-转发,原}!HTTPS
重写规则^ $ HTTPS(*)://%{HTTP_HOST}%{REQUEST_URI} [L,R = 301]
< / IfModule>
该脚本包含注释为它做什么(我需要他们比你想象的多)。 还有对于那些被重定向(根Web文件夹的子文件夹,与之搭配的子域名)的子域和我的DNS服务器上附带的DNS条目在文件夹上一个额外的.htaccess文件。在该文件夹中的.htaccess简单的重定向HTTP(80端口)为https。
目前,它做什么,我需要,但我在寻找更简单的方式来写这个。并通过简单的,也可能意味着更全局的(如果它使得它比硬编码域更快),并且如果有任何的速度改进从所述重写来获得。
由于previously提到的,我的证书是唯一的非www example.com域所以这使我想到的第二个(但我的主)的问题。
流量路由像这样: https://www.example.com 的将会看到错误的任何路由之前,重写等也在不断进行。这是因为,到Web服务器的连接甚至还没有发生在这一点上,正确的吗?这实际上是服务器移交证书上,说的浏览器: 等一下!的
有没有一种方法,以prevent流量打你的服务器的方式不当(的https:// WWW 的)?前的浏览器提供了一个证书错误
此不必被限制为只是htaccess的方法
有没有办法做到这一点 - 所有?那是什么呀?
编辑:的
我有几个问题,我的条件和重写击球查询它不应该。我也有几个重定向回路使领导交给apache.org研究的;所以只是作为一种方法来跟踪在这里说,变化的是.htaccess文件现在:
< IfModule mod_rewrite.c>
RewriteEngine叙述上
#首先重写任何请求错误的域使用正确的
的RewriteCond%{HTTP_HOST} ^(WWW | FTP |邮件)\例如\ .COM $ [NC]
重写规则^(。*)$ http://example.com/$1
#重定向这些子域名到子文件夹
的RewriteCond%{HTTP_HOST} ^([^ /] +)\。例如\ .COM $
的RewriteCond%{REQUEST_URI}!^([^ /。] +)/([^ /。] +)
的RewriteCond%1 ^!(WWW | FTP |邮件)$ [NC]
重写规则^(。*)$ http://example.com/%1$1 [L,NC,QSA]
#Now,改写为HTTPS:
的RewriteCond%{} HTTPS关闭
的RewriteCond%{HTTP_HOST}!^ $
的RewriteCond%{HTTP_HOST} ^ HTTP://例如\ .COM / $ [NC]
重写规则^ / HTTPS?(*)://%{HTTP_HOST} / $ 1 [L,R,NE]
< / IfModule>
有没有一种方法,以prevent流量打你的服务器的方式不当(https://开头WWW)?前的浏览器提供了一个证书错误
没有,还有什么可以做,你的评价是正确的,因为浏览器的外观在服务器证书,并认为该主机不匹配,并显示错误。不是由服务器产生的错误,并且这发生之前的请求,即使发送到服务器。这发生在SSL握手期间。唯一的事情可以做,是prevent任何 HTTP:从现有// WWW 链接,或购买一个新的证书,包括WWW
至于你的规则,真的没有办法简化它,因为你必须为每个规则的多个条件。
So my SSL certificate only applies to https://example.com - not https://www.example.com (can't complain, it was free).
After venturing into mod_rewrite and a lot of reading (mostly from stackoverflow) I have an .htaccess file that does most of what I need, here is that file (with domain redacted of course).
<IfModule mod_rewrite.c>
RewriteEngine On
#First rewrite any request to the wrong domain to use the correct one
RewriteCond %{HTTP_HOST} !^subdomain\.
RewriteCond %{HTTP_HOST} ^(www|ftp|mail)\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
#Redirect these subdomains to a subfolder
RewriteCond %{HTTP_HOST} ^([^/.]+)\.example\.com$
RewriteCond %1 !^(www|ftp|mail)$ [NC]
RewriteRule (.+)$ "http://example.com/%1" [L,P]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
The script contains comments as to what it does (I need them more than you think). And there is an additional .htaccess file on the folder for the subdomain that is being redirected (a subfolder in the root web folder, with matching subdomain name) and the accompanying dns entry on my dns server. The .htaccess on that folder simply redirects http (port 80) to https.
At the moment, it does what I need but I'm looking for simpler ways to write this. And by simpler it could also mean more global (if it makes it faster than hardcoding domains) and if there are any speed improvements to gain from said rewrite.
As previously mentioned, my certificate is only for a non-www example.com domain so this brings me to the second (but my main) question.
Traffic that is routed like so: https://www.example.com will see the error before any routing, rewrite, etc is ever done. This is because a connection to the web server has not even happened at this point, correct? This is essentially your server handing your certificate over and the browser saying: wait a minute!
Is there a way to prevent traffic to hit your server the improper way (https://www) before the browser gives out a certificate error?
This does not have to be restricted to just the .htaccess method.
Is there a way to do this - at all? And what is that way?
Edit:
I was having a few issues with my conditions and rewrites hitting queries it should not. I was also having a few redirect loops so headed over to apache.org to research that; so just as a way to keep track of said changes here is the .htaccess file now:
<IfModule mod_rewrite.c>
RewriteEngine On
# First rewrite any request to the wrong domain to use the correct one
RewriteCond %{HTTP_HOST} ^(www|ftp|mail)\.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1
# Redirect these subdomains to a subfolder
RewriteCond %{HTTP_HOST} ^([^/.]+)\.example\.com$
RewriteCond %{REQUEST_URI} !^([^/.]+)/([^/.]+)
RewriteCond %1 !^(www|ftp|mail)$ [NC]
RewriteRule ^(.*)$ http://example.com/%1$1 [L,NC,QSA]
#Now, rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} ^http://example\.com/$ [NC]
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [L,R,NE]
</IfModule>
Is there a way to prevent traffic to hit your server the improper way (https:// www) before the browser gives out a certificate error?
No, there's nothing you can do, your assessment is correct that the browser looks at the server certificate and sees that the host doesn't match and displays the error. The error isn't generated by the server, and this happens before a request is even sent to the server. This happens during the SSL handshake. The only things you can do are prevent any http://www links from existing, or buy a new certificate that includes "www".
As for your rules, there's really no way to simplify it since you have multiple conditions for each rule.
这篇关于重定向的https:// WWW到https://非www - 没有看到证书错误,可能吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
