如何强制用户通过 HTTPS 而不是 HTTP 访问我的页面? [英] How can I force users to access my page over HTTPS instead of HTTP?

问题描述

我只有一个页面要强制作为 HTTPS 页面(Apache 上的 PHP)访问.如何在不使整个目录需要 HTTPS 的情况下执行此操作?或者，如果您从 HTTP 页面向 HTTPS 页面提交表单，它是否通过 HTTPS 而不是 HTTP 发送?

I've got just one page that I want to force to be accessed as an HTTPS page (PHP on Apache). How do I do this without making the whole directory require HTTPS? Or, if you submit a form to an HTTPS page from an HTTP page, does it send it by HTTPS instead of HTTP?

这是我的例子:

http://www.example.com/some-page.php

我希望它只能通过以下方式访问:

I want it to only be accessed through:

https://www.example.com/some-page.php

当然，我可以把指向这个页面的所有链接都指向 HTTPS 版本，但这并不能阻止一些傻瓜故意通过 HTTP 访问它......

Sure, I can put all of the links to this page pointed at the HTTPS version, but that doesn't stop some fool from accessing it through HTTP on purpose...

我想到的一件事是在 PHP 文件的标题中放置一个重定向来检查以确保它们正在访问 HTTPS 版本:

One thing I thought was putting a redirect in the header of the PHP file to check to be sure that they are accessing the HTTPS version:

if($_SERVER["SCRIPT_URI"] == "http://www.example.com/some-page.php"){
  header('Location: https://www.example.com/some-page.php');
}

但这不可能是正确的方式，对吗?

But that can't be the right way, can it?

推荐答案

我之前的做法和你写的基本一样，只是没有任何硬编码值:

The way I've done it before is basically like what you wrote, but doesn't have any hardcoded values:

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

这篇关于如何强制用户通过 HTTPS 而不是 HTTP 访问我的页面?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！