如何强制网站SSL下要浏览的某些部分？ [英] How to force certain sections of the website to be browsed under SSL?

问题描述

在我们网站的某些部分或页面处理敏感的用户或帐户信息。我想强制用户浏览HTTPS下这些页面。而其他网页公开内容应根据HTTP使用。我正打算在安装IIS URL重写模块和编写规则以实现这一目标。我不知道如何写在web.config中的规则重定向。

On our website certain sections or pages deal with sensitive user or account information. I want to force the users to browse those pages under HTTPS. Whereas other pages with public content should be available under HTTP. I was planning to install url Rewrite module on IIS and write rules to achieve this. I am not sure how to write the rules in web.config for redirection.

服务器：IIS 7.5

Server: IIS 7.5

根据SSL页面示例：

1. mywebsite.com.au/login

1. mywebsite.com.au/login

mywebsite.com.au/login /

mywebsite.com.au/login/

所有不上面指定的URL模式来下的页面应该只在HTTP浏览。

All the pages that do not come under the URL pattern specified above should be browsed under http only.

推荐答案

下面我去实现，实现了基于HTTP> HTTPS和https-> HTTP重定向服务器的重写规则。请注意，基于HTTP> HTTPS重定向，你也必须为从http CSS，JS和图像文件的请求重定向到HTTPS，否则浏览器可能会拒绝执行这些文件。

Here goes the rewrite rules I implemented to achieve the http->https and https->http redirection. Please note that on http->https redirection, you also have to redirect the request for css, js and images files from http to https otherwise the browser might decline to execute these files.

<一个href=\"http://forums.iis.net/p/1222318/2097272.aspx?Re%20How%20to%20force%20certain%20urls%20of%20an%20website%20to%20be%20browsed%20under%20SSL%20using%20urlRewrite%20\"相对=nofollow>您还可以检查IIS论坛的讨论。

<rewrite>
    <rules>
        <rule name="HTTPS to HTTP redirect" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="ON" />
                <add input="{URL}" pattern="^/login" negate="true" />
                <add input="{URL}" pattern="^/member" negate="true" />
                <add input="{URL}" pattern="^/(.*)(.js|.css|.png|.jpg|.woff)" negate="true" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="http://{HTTP_HOST}/{R:1}" />
        </rule>
        <rule name="HTTP to HTTPS redirect login" stopProcessing="true">
            <match url="^login" />
            <conditions>
              <add input="{HTTPS}" pattern="OFF" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/login/" />
        </rule>
        <rule name="HTTP to HTTPS redirect member" stopProcessing="true">
            <match url="^member/(.*)" />
            <conditions>
              <add input="{HTTPS}" pattern="OFF" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/member/{R:1}" />
        </rule>
        <rule name="HTTP to HTTPS redirect resources" stopProcessing="true">
            <match url="http://(.*)(.css|.js|.png|.jpg|.woff)" />
            <conditions>
              <add input="{HTTPS}" pattern="ON" />
            </conditions>
            <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}{R:2}" />
        </rule>         
    </rules>
</rewrite>

这篇关于如何强制网站SSL下要浏览的某些部分？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！