如何强制网站SSL下要浏览的某些部分? [英] How to force certain sections of the website to be browsed under SSL?
问题描述
在我们网站的某些部分或页面处理敏感的用户或帐户信息。我想强制用户浏览HTTPS下这些页面。而其他网页公开内容应根据HTTP使用。我正打算在安装IIS URL重写模块和编写规则以实现这一目标。我不知道如何写在web.config中的规则重定向。
On our website certain sections or pages deal with sensitive user or account information. I want to force the users to browse those pages under HTTPS. Whereas other pages with public content should be available under HTTP. I was planning to install url Rewrite module on IIS and write rules to achieve this. I am not sure how to write the rules in web.config for redirection.
服务器:IIS 7.5
Server: IIS 7.5
根据SSL页面示例:
-
mywebsite.com.au/login
mywebsite.com.au/login
mywebsite.com.au/login /
mywebsite.com.au/login/
所有不上面指定的URL模式来下的页面应该只在HTTP浏览。
All the pages that do not come under the URL pattern specified above should be browsed under http only.
推荐答案
下面我去实现,实现了基于HTTP> HTTPS和https-> HTTP重定向服务器的重写规则。请注意,基于HTTP> HTTPS重定向,你也必须为从http CSS,JS和图像文件的请求重定向到HTTPS,否则浏览器可能会拒绝执行这些文件。
Here goes the rewrite rules I implemented to achieve the http->https and https->http redirection. Please note that on http->https redirection, you also have to redirect the request for css, js and images files from http to https otherwise the browser might decline to execute these files.
<一个href=\"http://forums.iis.net/p/1222318/2097272.aspx?Re%20How%20to%20force%20certain%20urls%20of%20an%20website%20to%20be%20browsed%20under%20SSL%20using%20urlRewrite%20\"相对=nofollow>您还可以检查IIS论坛的讨论。
<rewrite>
<rules>
<rule name="HTTPS to HTTP redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="ON" />
<add input="{URL}" pattern="^/login" negate="true" />
<add input="{URL}" pattern="^/member" negate="true" />
<add input="{URL}" pattern="^/(.*)(.js|.css|.png|.jpg|.woff)" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="http://{HTTP_HOST}/{R:1}" />
</rule>
<rule name="HTTP to HTTPS redirect login" stopProcessing="true">
<match url="^login" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/login/" />
</rule>
<rule name="HTTP to HTTPS redirect member" stopProcessing="true">
<match url="^member/(.*)" />
<conditions>
<add input="{HTTPS}" pattern="OFF" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/member/{R:1}" />
</rule>
<rule name="HTTP to HTTPS redirect resources" stopProcessing="true">
<match url="http://(.*)(.css|.js|.png|.jpg|.woff)" />
<conditions>
<add input="{HTTPS}" pattern="ON" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}{R:2}" />
</rule>
</rules>
</rewrite>
这篇关于如何强制网站SSL下要浏览的某些部分?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!