Amazon AWS 307响应和永久重定向到HTTPS [英] Amazon AWS 307 response and permanent redirect to HTTPS

问题描述

我有一个来自GoDaddy的域，其中包含用于管理DNS记录的AWS Route53. Route53将请求发送到负载均衡器.

I have a domain from GoDaddy, with AWS Route53 for managing DNS records. Route53 sends request to a load-balancer.

对于Web服务器，我有一个负载平衡器，它将请求路由到单个(现在)EC2实例，而EC2实例中的Nginx获取请求并将响应发送给客户端.

For webserver I have a load-balancer that routes requests to a single (for now) EC2 instance and the nginx in EC2 instance get the request and sends a response to the client.

问题是，当我使用http://执行请求时，AWS使用307 Internal Redirect响应将请求重定向到域的https://版本.响应对象也具有Non-Authoritative-Reason: HSTS标头.

The problem is that when I use http:// to perform a request, AWS redirects requests to the https:// version of the domain with 307 Internal Redirect response. The response object has Non-Authoritative-Reason: HSTS header as well.

出了什么问题，重定向请求是哪个组件?

What's the problem and which component is redirect requests?

推荐答案

它们都不是组件.

这不是来自AWS的东西，而是浏览器.这是浏览器正在生成的内部重定向，与HSTS相关... HTTP严格传输安全性.

This isn't anything from AWS... it's the browser. It's an internal redirect the browser is generating, related to HSTS... HTTP Strict Transport Security.

如果您现在不这样做，那么大概是在过去，您已经在该域的响应中生成了Strict-Transport-Security:标头，并且浏览器已经记住了这一事实，从而可以防止您不安全地访问该网站，按计划进行.

If you aren't doing it now, then presumably, in the past, you've generated a Strict-Transport-Security: header in responses from this domain, and the browser has remembered this fact, preventing you from accessing the site insecurely, as it is intended to do.

这篇关于Amazon AWS 307响应和永久重定向到HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！