HTTP重定向到HTTPS的一页 [英] Redirect HTTP to HTTPS for one page

问题描述

我知道这个问题已经被问得要命，但由于某些原因，指出我读过的20个职位中，没有什么是正常工作对我来说，希望有人能摆脱一些见解。

I know this issue has been asked to death, but for some reason, out of the 20 posts that I've read, nothing is working properly for me and hopefully someone could shed some insight.

基本上，我有一个简单的购物车，在这里我想重定向2的URI到HTTPS，我的结帐页面，我的管理文件夹：

Basically, I have a simple shopping cart, where I want to redirect 2 uri's to HTTPS, my checkout page, and my admin folder:

/checkout
/admin

我可以成功地重定向到HTTPS版本结账以下code：

I can successfully redirect to the HTTPS version for checkout with the following code:

RewriteEngine On
#https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^checkout https://palatinehillsestatewinery.com/checkout [R=301,L]

# remove index.php, this is just included to show everything in my .htaccess
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

我发现这和所有其他解决方案的问题是，一旦我决定回去到一个网页，不应该是HTTPS，该网址保持HTTPS。

The problem I've found with this and all other solutions, is that once I decide to go back to a page that shouldn't be HTTPS, the url stays HTTPS.

我一直在摸索着循环等。

I've been fumbling with loops etc.

如果有人可以帮助重定向到HTTPS的只是这两个网页，然后HTTP上的所有其他网页，这将是一个很大的帮助，很多AP preciated。

If anyone could help with redirecting to HTTPS on just these 2 pages, and then http on all other pages, that would be a great help and much appreciated.

推荐答案

这是不是直接回答你的问题，但我觉得我把它作为一个答案（再加上它过大后的评论）。

This is not answering your question directly, but I feel I put it as an answer (plus it is too big to post as a comment).

我的建议是：请停止与htaccess的打了这样的任务（力几个URL使用HTTPS和力其余使用HTTP）

My advice: please stop playing with htaccess for this kind of task (force few URLs to use HTTPS and force the rest to use HTTP).

最好的办法是为生成完整的网址作为所有链接（网页，而不是资源），其中，URL包括域名和协议。在这种情况下，所有的URL都会有正确的协议（HTTP / HTTPS）直线距离。当然：你仍然可以修复（301或302重定向）请求以应该要被-HTTPS，如果他们（一些奇怪的原因）是通过HTTP请求。这就是htaccess的可以安全且容易地使用。

The best way is to generate FULL URLs for all links (pages, not resources), where URL includes domain name and protocol. In this case all URLs will have proper protocol (HTTP/HTTPS) straight away. Of course: you can still fix (301 or 302 redirect) requests to supposed-to-be-https if they (for some strange reason) are requested via HTTP. That's where .htaccess can be safely and easily used.

如果用户将请求正常的页面通过HTTPS（应该是通过HTTP） - 然后让他做到这一点 - 没有什么不妥。是的 - HTTPS需要在服务器端多一点资源，但是如果产生这种方式的各个环节，将有几乎没有这种情况下，除非用户的专门修改协议。即使这样的一个页面将通过HTTPS提供，下一个正常的链接，他点击将HTTP - 1额外的基于HTTPS的页面视图不会杀了你的服务器

If user will request normal page (should be served over HTTP) via HTTPS -- then let him do it -- there is nothing wrong with that. Yes -- HTTPS requires a bit more resources on server side, but if you generate all links in such way, there will be virtually no such situations, unless user specifically changes protocol. Even if such one page will be served over HTTPS, the next "normal" link he click will be HTTP -- 1 extra HTTPS-based page view will not kill your server.

我在使用这种方法时，所有站点有安全区域的时候......并根据日志，我们有这被视为所有的页面访问量小于0.01％/试图要通过错​​误的协议看 - - 他们中的绝大多数机器人或试图破解/漏洞搜索。

I'm using this approach all the time when site is having secure area .. and based on the logs, we have less than 0.01% of ALL page views that were viewed/attempted to be viewed via "wrong" protocol -- vast majority of them were bots or attempts to hack/vulnerability search.

基于这样的统计数据，我会说 - 这是工作完美的是 - 你需要改变你code /模板位来实现这一..但它是更好比的.htaccess和mod_rewrite的搞乱。

Based on such stats I would say -- it is working perfectly. yes -- you need to alter you code/templates a bit to implement this .. but it is much better than messing with .htaccess and mod_rewrite.

在任何情况下，这里有会做的工作给你的规则：

In any case, here are the rules that would do the job for you:

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# don't do anything for images/css/js
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(checkout|index.php/checkout)
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

或

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/checkout
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

这篇关于HTTP重定向到HTTPS的一页的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！