将一页的 HTTP 重定向到 HTTPS [英] Redirect HTTP to HTTPS for one page

问题描述

我知道这个问题已经死了，但出于某种原因，在我读过的 20 篇帖子中，没有什么适合我，希望有人能提供一些见解.

I know this issue has been asked to death, but for some reason, out of the 20 posts that I've read, nothing is working properly for me and hopefully someone could shed some insight.

基本上，我有一个简单的购物车，我想将 2 个 uri 重定向到 HTTPS、我的结帐页面和我的管理文件夹:

Basically, I have a simple shopping cart, where I want to redirect 2 uri's to HTTPS, my checkout page, and my admin folder:

/checkout
/admin

我可以使用以下代码成功重定向到 HTTPS 版本进行结帐:

I can successfully redirect to the HTTPS version for checkout with the following code:

RewriteEngine On
#https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^checkout https://palatinehillsestatewinery.com/checkout [R=301,L]

# remove index.php, this is just included to show everything in my .htaccess
RewriteCond $1 !.(gif|jpe?g|png)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

我在这个解决方案和所有其他解决方案中发现的问题是，一旦我决定返回一个不应该是 HTTPS 的页面，网址就会保持 HTTPS.

The problem I've found with this and all other solutions, is that once I decide to go back to a page that shouldn't be HTTPS, the url stays HTTPS.

我一直在摸索循环等.

如果有人可以帮助仅在这两个页面上重定向到 HTTPS，然后在所有其他页面上重定向到 http，那将是一个很大的帮助，非常感谢.

If anyone could help with redirecting to HTTPS on just these 2 pages, and then http on all other pages, that would be a great help and much appreciated.

推荐答案

这不是直接回答你的问题，但我觉得我把它作为一个答案(而且它太大了，不能作为评论发表).

This is not answering your question directly, but I feel I put it as an answer (plus it is too big to post as a comment).

我的建议:请停止使用 htaccess 执行此类任务(强制少数 URL 使用 HTTPS，强制 其余 URL 使用 HTTP).

My advice: please stop playing with htaccess for this kind of task (force few URLs to use HTTPS and force the rest to use HTTP).

最好的方法是为所有链接(页面，而不是资源)生成完整 URL，其中 URL 包括域名和协议.在这种情况下，所有 URL 都会立即具有正确的协议 (HTTP/HTTPS).当然:如果(出于某种奇怪的原因)是通过 HTTP 请求的，您仍然可以将(301 或 302 重定向)请求修复为所谓的 https.这就是可以安全轻松地使用 .htaccess 的地方.

The best way is to generate FULL URLs for all links (pages, not resources), where URL includes domain name and protocol. In this case all URLs will have proper protocol (HTTP/HTTPS) straight away. Of course: you can still fix (301 or 302 redirect) requests to supposed-to-be-https if they (for some strange reason) are requested via HTTP. That's where .htaccess can be safely and easily used.

如果用户将通过 HTTPS 请求普通页面(应该通过 HTTP 提供服务)——那么让他去做——这没有任何问题.是的 -- HTTPS 在服务器端需要更多资源，但如果您以这种方式生成所有链接，则几乎不会出现这种情况，除非用户特别更改协议.即使这样一个页面将通过 HTTPS 提供，他点击的下一个正常"链接也将是 HTTP——1 次额外的基于 HTTPS 的页面查看不会杀死您的服务器.

If user will request normal page (should be served over HTTP) via HTTPS -- then let him do it -- there is nothing wrong with that. Yes -- HTTPS requires a bit more resources on server side, but if you generate all links in such way, there will be virtually no such situations, unless user specifically changes protocol. Even if such one page will be served over HTTPS, the next "normal" link he click will be HTTP -- 1 extra HTTPS-based page view will not kill your server.

当站点具有安全区域时，我一直在使用这种方法..并且根据日志，我们通过错误"协议查看/尝试查看的所有页面视图中只有不到 0.01% -- 其中绝大多数是机器人或试图破解/漏洞搜索.

I'm using this approach all the time when site is having secure area .. and based on the logs, we have less than 0.01% of ALL page views that were viewed/attempted to be viewed via "wrong" protocol -- vast majority of them were bots or attempts to hack/vulnerability search.

基于这样的统计数据，我会说——它运行得很好.是的——你需要稍微改变你的代码/模板来实现这个......但这比搞乱要好得多.htaccess 和 mod_rewrite.

Based on such stats I would say -- it is working perfectly. yes -- you need to alter you code/templates a bit to implement this .. but it is much better than messing with .htaccess and mod_rewrite.

无论如何，以下是适合您的规则:

In any case, here are the rules that would do the job for you:

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# don't do anything for images/css/js
RewriteRule .(gif|jpe?g|png|css|js)$ - [NC,L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(checkout|index.php/checkout)
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

或

# force https for all URLs in /checkout
RewriteCond %{HTTPS} =off
RewriteRule ^checkout https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# do not do anything for already existing files
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .+ - [L]

# force http for all other URLs that are not in /checkout
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/checkout
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# your other rules here, e.g.:
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /index.php/$1 [L]

这篇关于将一页的 HTTP 重定向到 HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！