如何使用 web.config 文件强制使用 HTTPS [英] How to force HTTPS using a web.config file

问题描述

我在 Google 和 StackOverflow 上搜索，试图找到解决方案，但它们似乎都与 ASP.NET 等有关.

I have searched around Google and StackOverflow trying to find a solution to this, but they all seem to relate to ASP.NET etc.

我通常在我的服务器上运行 Linux，但对于这个客户端，我使用的是带有 IIS 7.5(和 Plesk 10)的 Windows.这就是我对 IIS 和 web.config 文件有点陌生的原因.在 .htaccess 文件中，您可以使用重写条件来检测协议是否为 HTTPS 并相应地重定向.是否有一种简单的方法可以使用 web.config 文件或什至使用我已安装的URL 重写"模块来实现此目的?

I usually run Linux on my servers but for this one client I am using Windows with IIS 7.5 (and Plesk 10). This being the reason why I am slightly unfamiliar with IIS and web.config files. In an .htaccess file you can use rewrite conditions to detect whether the protocol is HTTPS and redirect accordingly. Is there a simple way to achieve this using a web.config file, or even using the 'URL Rewrite' module that I have installed?

我没有使用 ASP.NET 的经验，所以如果这涉及到解决方案，那么请包括如何实施的明确步骤.

I have no experience with ASP.NET so if this is involved in the solution then please include clear steps of how to implement.

我使用 web.config 而不 PHP 这样做的原因是我想对站点内的所有资产强制使用 HTTPS.

The reason for me doing this with the web.config and not PHP is that I would like to force HTTPS on all assets within the site.

推荐答案

你需要 URL Rewrite 模块，最好是 v2(我没有安装 v1，所以不能保证它会在那里工作，但应该).

You need URL Rewrite module, preferably v2 (I have no v1 installed, so cannot guarantee that it will work there, but it should).

以下是此类 web.config 的示例——它将强制所有资源使用 HTTPS(使用 301 永久重定向):

Here is an example of such web.config -- it will force HTTPS for ALL resources (using 301 Permanent Redirect):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Redirect to https" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

附言这个特定的解决方案与 ASP.NET/PHP 或任何其他技术无关，因为它仅使用 URL 重写模块完成 - 它在初始/较低级别之一处理 - 在请求到达您的代码获取的点之前执行.

P.S. This particular solution has nothing to do with ASP.NET/PHP or any other technology as it's done using URL rewriting module only -- it is processed at one of the initial/lower levels -- before request gets to the point where your code gets executed.

这篇关于如何使用 web.config 文件强制使用 HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！