重写规则违反而从HTTPS切换到HTTP [英] RewriteRule violates while switching from https to http
问题描述
我写了很多的重写规则我的.htaccess
文件,但是当我从切换出现问题的 HTTPS 为 HTTP 页;它不遵循这些规则
注意:一切工作正常localhost上,问题是在服务器16; ---- 更新
下面是我的网站,目前所有的链接显示为每个重写规则*
有关如关于我们页的链接显示为
http://www.mywebsite.com/about
但
如果我在 登录页
(这是对 HTTPS
),然后点击关于我们页,然后它变成如下。
http://www.mywebsite.com/about?slug=about_us
如果我点击左侧面板上的类别,然后将它作为
http://www.mywebsite.com/auction/category/1?cid=1
注意:即使鼠标悬停在页面上显示重写链路
下面是的.htaccess
文件与所需的信息。
IndexIgnore *
RewriteEngine叙述上
选项+的FollowSymLinks
的RewriteBase /
的RewriteCond%{} REQUEST_FILENAME!-f
的RewriteCond%{} REQUEST_FILENAME!-d
重写规则^拍卖/分类/([0-9] +)/ $ bids.php?CID = $ 1 [NC]
重写规则^登录/?$的login.php [NC]
重写规则^登记/?$ register.php [NC]
重写规则^注销/?$ logout.php [NC]
#静态页面
重写规则^约/?$ page.php?塞= about_us [NC]
#重写到HTTPS
的RewriteCond%{} SERVER_PORT!^ 443 $ [OR]
的RewriteCond%{} HTTPS关闭
的RewriteCond%{REQUEST_URI} /登录[OR]
的RewriteCond%{REQUEST_URI} /do_login.php
重写规则^ HTTPS(*)://%{HTTP_HOST}%{REQUEST_URI} [R = 301,NC,L,QSA]
(因为是休假协议)#不做任何事的图像/ CSS / JS
。重写规则\(?GIF | JPE G | PNG | ICO | CSS | JS)$ - [NC,L]
#交通到http://除了一些网页
的RewriteCond%{SERVER_PORT} ^ 443 $ [OR]
的RewriteCond%{} HTTPS上
的RewriteCond%{REQUEST_URI}!(/登录| /do_login.php)
(。*)^重写规则的http:// {%HTTP_HOST}%{REQUEST_URI} [R = 301,NC,L,QSA]
注意:的 这里
完成的.htaccess
文件
请告诉我,我错了/失踪?
我也有几个比较迷惑
- 如果我改变重写URL的情况下(登录或登录或登录),那么它给出错误?
- 这是很好的做法写 [NC,L] 所有
重写规则
? - 究竟何时我应该写的 [QSA] ?
更新
在所有的答案的建议,更改重写规则
几乎所有的固定问题但是现在还有最后一个问题。
-
/登录
URL总是改为/login.php
。
下面是我更新的的.htaccess
IndexIgnore *
选项-MultiViews
选项+的FollowSymLinks
#mod_rewrite
RewriteEngine叙述上
的RewriteBase /
#重写WWW非WWW
的RewriteCond%{HTTP_HOST} ^ WWW。%{HTTP_HOST} [NC]
(。*)重写规则^ $的http://%{HTTP_HOST} / $ 1 [R = 301,L]
#尽量减少对所有HTTP的CSS://页
< IfModule mod_rewrite.c>
的RewriteCond%{} HTTPS关闭
重写规则^(。*)。CSS $ /csszip.php?file=$1.css [L]
< / IfModule>
#switch通过http到https
#重写到HTTPS
的RewriteCond%{} SERVER_PORT!^ 443 $ [OR]
的RewriteCond%{} HTTPS关闭
的RewriteCond%{REQUEST_URI}(/login|/do_login)\.php [NC]
(。*)重写规则^ https://开头%{HTTP_HOST}%{REQUEST_URI} [R = 301,L]
(因为是休假协议)#不做任何事的图像/ CSS / JS
。重写规则\(?GIF | JPE G | PNG | ICO | CSS | JS)$ - [NC,L]
#交通到http://除了一些网页
的RewriteCond%{SERVER_PORT} ^ 443 $ [OR]
的RewriteCond%{} HTTPS上
的RewriteCond%{REQUEST_URI}(/登录| / do_login)!\ PHP [NC]。
(。*)重写规则^ HTTP://%{HTTP_HOST}%{REQUEST_URI} [R = 301,L]
的RewriteCond%{} REQUEST_FILENAME!-f
的RewriteCond%{} REQUEST_FILENAME!-d
重写规则^登录/?$的login.php [NC]
重写规则^登记/?$ register.php [NC]
#......许多其他的规则与...... [NC] falg
重写规则^拍卖/类/([^/.]+)/?$ bids.php?CID = $ 1 [NC]
重写规则^约/?$ page.php?塞= about_us [NC]
#...更多规则与.... [NC]标志
HTTPS建议
有关你的HTTPS的问题,我会匹配端口或HTTPS作为有已知的与该HTTPS标签apache的问题。
要覆盖本场比赛双方(如在编辑答案)
的RewriteCond%{} SERVER_PORT!^ 443 $ [OR]
的RewriteCond%{} HTTPS!=上
##重写规则
的RewriteCond%{SERVER_PORT} ^ 443 $ [OR]
的RewriteCond%{} HTTPS = ON
##重写规则
一个正确的观点也是%{REQUEST_URI}
不受任何替换。
这就是你正在使用它的那一刻,如果任何规则相匹配,您将它们发送到原来的网址(任何替代开始前)。
如果你想利用URL后的字符串替换和匹配使用 $ 1
解答您的进一步的问题
如果我改变重写URL的话,那么它给出错误?
这是因为你的 [NC]
是不是就重写COND为您的.htaccess的HTTPS部分
您匹配的RewriteCond%{REQUEST_URI} /登录[OR]
这是只想找一个较低的情况下登录,如果你想接受大写登录追加NC。
这是很好的做法写[NC,L]所有重写规则?
没有,这取决于你想做什么 [NC]
表示,不匹配的情况下这个规则,如果你不想匹配的情况下,在该< STRONG>规则(或状态),然后将其添加。
不匹配与的情况下,[NC]
表示site.com/login.php = sYte.cOm/LoGin.PHP
[L]
表示,如果这是真的,停止处理一切
究竟何时我应该写[QSA]
QSA适用于当你有一个?在替代和要追加脚趾老的字符串到新的URL
请考虑以下规则:
重写规则/pages/(.+)/page.php?page=$1 [QSA]
随着 [QSA]
标记,对于请求/网页/ 123呢?一个=两个
将被映射以 /page.php?page=123&one=two
。如果没有[QSA]标志,同样的请求将被映射到 /page.php?page=123
- 也就是说,现有的查询字符串将是放弃
不要使用QSA,如果你想为保存任何额外获得的参数。
另一个进一步的问题
/登录网址总是变成/login.php
要做到这一点的唯一方法是,如果你有一个重定向 [R = 301]
放在你的code,我可以看到的唯一地方是本部分内容:
#重写到https
的RewriteCond%{} SERVER_PORT!^ 443 $ [OR]
的RewriteCond%{} HTTPS!=上
的RewriteCond%{REQUEST_URI}(/login|/do_login)\.php [NC]
(。*)重写规则^ https://开头%{HTTP_HOST}%{REQUEST_URI} [R = 301,L]
如果本会的仅符合以下网址
.PHP,/login.php,/do_login.php
我认为罪魁祸首是我在与第一反应概述%{REQUEST_URI}
您code基本上是说,如果这些条件得到满足,将它们发送到 https://开头theurltheywentto ,这是不是你想要做什么,你想送他们到/登录
您是否尝试过使用(正如我在HTTPS部分)
重写规则^(*)的https://%{HTTP_HOST} /登录[R = 301,L]
也许(如果您有/ do_login)等选项
重写规则^ PHP HTTPS(*)://%{HTTP_HOST} / $ 1 [R = 301,L]
在哪里test.com/do_login.php将成为 https://test.com/do_login
怎么样,你试试:
#重写到https
的RewriteCond%{REQUEST_URI}(/login|/do_login)\.php [NC]
的RewriteCond%{} HTTPS!=上
(*)。重写规则^ \ PHP中的https://%{HTTP_HOST} / $ 1 [R = 301,L]
I write a lot of RewriteRule in my .htaccess
file , but problem occurs when I switch from https to http pages; it does not follow these rules
NOTE : everything working fine on localhost , issues are on server <---- UPDATE
Here is my website , currently all links display as per RewriteRule*
for e.g. about us page link display as
http://www.mywebsite.com/about
BUT
if I am at login page
( which is on https
) and click on about us page then it turns into below.
http://www.mywebsite.com/about?slug=about_us
or if I click on any category on left panel then it comes as
http://www.mywebsite.com/auction/category/1?cid=1
Note : even mouse hovering on pages display rewrite link
below is .htaccess
file with needed information.
IndexIgnore *
RewriteEngine on
Options +FollowSymLinks
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^auction/category/([0-9]+)/?$ bids.php?cid=$1 [NC]
RewriteRule ^login/?$ login.php [NC]
RewriteRule ^register/?$ register.php [NC]
RewriteRule ^logout/?$ logout.php [NC]
# static pages
RewriteRule ^about/?$ page.php?slug=about_us [NC]
# Rewrite to https
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} /login [OR]
RewriteCond %{REQUEST_URI} /do_login.php
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L,QSA]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [NC,L]
# traffic to http:// except some pages
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(/login|/do_login.php)
RewriteRule ^(.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L,QSA]
Note : Here
is complete .htaccess
file
Please tell me where I am wrong/missing ?
I Also have few more confusion
- If i change the case of rewrite URL ( Login or lOgin or logiN ) then it gives error?
- Is it good practice to write [NC,L] with all
RewriteRule
? - Exactly when I should write [QSA] ?
UPDATE
After suggestions from all answers, changing in RewriteRule
almost fixed all issue but now there is one last issue.
/login
URL always changed into/login.php
.
below is my updated .htaccess
IndexIgnore *
Options -MultiViews
Options +FollowSymLinks
#mod_rewrite
RewriteEngine on
RewriteBase /
# Rewrite www to non www
RewriteCond %{HTTP_HOST} ^www.%{HTTP_HOST} [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
# minimize the css on all http:// pages
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off
RewriteRule ^(.*).css$ /csszip.php?file=$1.css [L]
</IfModule>
#switch over http to https
# Rewrite to https
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (/login|/do_login)\.php [NC]
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|ico|css|js)$ - [NC,L]
# traffic to http:// except some pages
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(/login|/do_login)\.php [NC]
RewriteRule ^(.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^login/?$ login.php [NC]
RewriteRule ^register/?$ register.php [NC]
# ...many other rules...with [NC] falg
RewriteRule ^auction/category/([^/.]+)/?$ bids.php?cid=$1 [NC]
RewriteRule ^about/?$ page.php?slug=about_us [NC]
# ...many more rules.... with [NC] flag
HTTPS suggestion
For your HTTPS issue I would match on port or HTTPS as there are known apache problems relating to the HTTPS tag.
To cover this match on both (as shown in your edited answer)
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} != on
##REWRITE RULE
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTPS} = on
##REWRITE RULE
A valid point is also that %{REQUEST_URI}
isn't affected by any substitutions.
The way you are using it at the moment, if any rule matches you will send them to the original url (before any substitution started).
If you want to take the url after and substition and matching use $1
Answers to your further questions:
If I change the case of rewrite URL then it gives error?
This is because your [NC]
isn't on the rewrite cond for the HTTPS section of your .htaccess
You match RewriteCond %{REQUEST_URI} /login [OR]
this is only looking for lower case login, if you want to accept uppercase login append NC.
Is it good practice to write [NC,L] with all RewriteRule?
No, it depends what you want to do [NC]
says don't match case on this rule, if you don't want to match case on that rule (or condition) then add it.
Not matching the case with [NC]
means site.com/login.php = sYte.cOm/LoGin.PHP
[L]
means if this is true, stop processing everything
Exactly when I should write [QSA] ?
QSA applies when you have a ? in your substitution and you want to append toe old string to the new URL
Consider the following rule:
RewriteRule /pages/(.+) /page.php?page=$1 [QSA]
With the [QSA]
flag, a request for /pages/123?one=two
will be mapped to /page.php?page=123&one=two
. Without the [QSA] flag, that same request will be mapped to /page.php?page=123
- that is, the existing query string will be discarded.
Do use QSA if you want to keep any additional get arguments.
Another further question
/login URL always changed into /login.php
The only way for this to happen is if you have a redirect [R=301]
somewhere in your code, the only place I can see that is this section:
# Rewrite to https
RewriteCond %{SERVER_PORT} !^443$ [OR]
RewriteCond %{HTTPS} != on
RewriteCond %{REQUEST_URI} (/login|/do_login)\.php [NC]
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Where this will only match the following URL's
.php, /login.php, /do_login.php
I believe the culprit is as I outlined in the first response with %{REQUEST_URI}
Your code essentially says, if these conditions are met, send them to https://theurltheywentto, which is not what you want to do, you want to send them to /login.
Have you tried using (as mentioned in my https section)
RewriteRule ^(.*) https://%{HTTP_HOST}/login [R=301,L]
Or perhaps (if you have /do_login) and other options
RewriteRule ^(.*).php https://%{HTTP_HOST}/$1 [R=301,L]
Where test.com/do_login.php will become https://test.com/do_login
How about you try:
# Rewrite to https
RewriteCond %{REQUEST_URI} (/login|/do_login)\.php [NC]
RewriteCond %{HTTPS} != on
RewriteRule ^(.*)\.php https://%{HTTP_HOST}/$1 [R=301,L]
这篇关于重写规则违反而从HTTPS切换到HTTP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!