htaccess剥离www并强制SSL [英] htaccess to strip www and force SSL

问题描述

我拥有一个精心设计的.htaccess文件:

I have what I believe to be a rather well crafted .htaccess file:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L,NE]

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

这对我说将www.剥离到URL并强制使用https".除了碰巧输入 https://www.somedomain.com/的人之外，它都可以正常工作.向这些人显示警告，表明站点证书有问题.在这种情况下，似乎www不会被剥夺.

This says to me "strip the www. off the url and force https." And it works fine except for those people who happen to type in https://www.somedomain.com/. Those people are presented with a warning that there is a problem with the site certificate. It seems that the www is not getting stripped in this particular case.

推荐答案

您实际上可以将两个规则组合为一个:

You can actually combine both rules into one:

RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=302,L,NE]

然后确保清除浏览器缓存以进行测试.

Then make sure to clear your browser cache to test this.

不过，请记住，在调用mod_rewrite之前，Web服务器和浏览器之间的证书协商已经发生.

However just remember that certificate negotiation between web server and browser happens before mod_rewrite is invoked.

这篇关于htaccess剥离www并强制SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！