HTTP Strict Transport Security not respected for IP addresses


Problem description

I set up a cert for an IP address with nginx, and enabled HTTP Strict Transport Security:

add_header  Strict-Transport-Security "max-age=31536000; includeSubdomains;";

The directive is in the headers:

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Sep 2014 22:46:54 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-UA-Compatible: IE=Edge,chrome=1

... but it's not respected by the browsers (they do respect it for an FQDN).

Recommended answer

If I understand you correctly, you direct your browser to an IP address (https://xx.xx.xx.xx/) instead of a domain name and expect it to obey the HSTS rule?

But RFC 6797 Appendix A explicitly excludes IP addresses:

HSTS Hosts are identified only via domain names -- explicit IP address identification of all forms is excluded.
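
The following Python sketch is an added example, not part of the original question or answer. It models the decision a browser makes when it receives the header shown in the question: the header itself parses fine, but the policy is dropped when the host is an IP literal. Function names are hypothetical, and the URLs are constructed inputs using documentation-range addresses and example.com.

```python
import ipaddress
from urllib.parse import urlsplit

# Header value exactly as shown in the question, trailing ';' included.
SAMPLE_HEADER = "max-age=31536000; includeSubdomains;"

def parse_sts(value):
    """Return {directive: value} for an STS header, or None if it is unusable."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                 # empty segments (trailing ';') are permitted
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:       # a directive may appear only once
            return None
        directives[name] = arg.strip().strip('"')
    if not directives.get("max-age", "").isdigit():
        return None                  # max-age is required and must be numeric
    return directives

def is_ip_literal(host):
    """True for IPv4 and IPv6 address literals, False for domain names."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def hsts_decision(url, sts_value):
    """Model whether a browser would accept an HSTS policy: (noted, reason)."""
    parts = urlsplit(url)
    host = parts.hostname or ""      # urlsplit strips the [] around IPv6 literals
    if parts.scheme != "https":
        return (False, "header received over plain HTTP is ignored")
    if is_ip_literal(host):
        return (False, "host is an IP address, excluded by RFC 6797")
    policy = parse_sts(sts_value)
    if policy is None:
        return (False, "header is malformed")
    return (True, "policy accepted for %s, max-age=%s" % (host, policy["max-age"]))

if __name__ == "__main__":
    # Constructed URLs: documentation-range addresses and example.com.
    for url in ("https://203.0.113.10/", "https://[2001:db8::1]/", "https://example.com/"):
        print(url, hsts_decision(url, SAMPLE_HEADER))
```

Because the browser will never pin HTTPS for an IP-addressed origin, any HTTP-to-HTTPS enforcement for such a host has to come from the server side (for example a redirect), or from serving the site under a domain name.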
