如何仅在指定的 XAMPP 目录上启用 SSL [英] How to enable SSL only on specified XAMPP directories

问题描述

我已经能够使用 makecert 制作一个自签名证书，该证书目前在 C://XAMPP/htdocs 中的所有目录上启用 HTTPS

I've been able to use makecert to make a self signed cert which currently enables HTTPS on all directories in C://XAMPP/htdocs

我有两个想要不同的目录，

I have two directories which I want to be different,

c:/XAMPP/htdocs/PLACEHOLDER1 
c:/XAMPP/htdocs/PLACEHOLDER2

我想知道是否可以将 SSL 范围限制在一个目录中，例如在本例中为placeholder1".

I was wondering if it'd be possible have the SSL scope limited to one directory, say in this case 'placeholder1'.

这是我第一次使用 SSL，如有任何混淆，请见谅.

It's my first time using SSL so sorry for any confusions.

推荐答案

http://robsnotebook.com/xampp-ssl-encrypt-passwords 有一些关于如何使文件夹只能通过 SSL 加密访问的好信息.它具体涵盖了这两个项目，这不是直接引用，而是要回答您的问题的本质摘录:

http://robsnotebook.com/xampp-ssl-encrypt-passwords has some good information on how to make folders accessible by SSL encryption only. It specifically covers these two items, this is not a direct quote, but is an excerpt of the essence to answer your question:

使文件夹只能通过 SSL 加密访问
首先，我们需要通知 Apache 您要加密的文件夹应该始终使用加密(并且永远不要明文加密).这是通过在配置文件中每个所需的 <Directory> 列表中放置一个 SSLRequireSSL 指令来完成的(可以将它放在最后，就在 </Directory> 之前.).

Make folders accessible with SSL encryption only
First, we need to inform Apache that the folders you want to encrypt should use always use encryption (and never go in the clear). This is accomplished by putting an SSLRequireSSL directive inside of each desired <Directory> listing in the config files (it is ok to put it at the end, just before the </Directory>).

Alias /web_folder_name "C:/xampp/foldername"
<Directory "C:/xampp/foldername">
    ...
    ...
    SSLRequireSSL
</Directory>

将某些文件夹的http"重定向到https"

下一个可选步骤是将http"请求重定向到我们想要保护的页面的https"请求.这对用户更加友好，并允许您在输入地址时仍然使用 http(并自动切换到 https://和加密).如果您不这样做，并且使用了 SSLRequireSSL，您将只能通过键入 https://来访问这些页面.这很好，可能更安全一点，但不是那么用户友好.为了完成重定向，我们将使用 mod_rewrite 以便我们不必在配置文件的这一部分中使用服务器名称.这有助于减少配置文件中写入服务器名称的位置(使您的配置文件更易于维护).

This next optional step is to redirect "http" requests to "https" requests for the pages we want to secure. This is more user friendly and allows you to still use http when you type in the address (and automatically switch to https:// and encryption). If you don’t do this, and you used SSLRequireSSL, you will only be able to access these pages by typing https://. This is fine and probably a little bit more secure, but is not so user friendly. To accomplish the redirection, we will use mod_rewrite so that we don’t have to use the server name in this part of the config file. This helps keep small the number of places in the config files where the server name is written (making your config files more maintainable).

首先，我们需要确保启用了 mod_rewrite.为此，请编辑 c:xamppapacheconfhttpd.conf 并删除此行中的注释(# 字符):

First, we need to make sure that mod_rewrite is enabled. To do this, edit c:xamppapacheconfhttpd.conf and get rid of the comment (# character) in this line:

#LoadModule rewrite_module modules/mod_rewrite.so

让它看起来像这样:

LoadModule rewrite_module modules/mod_rewrite.so

现在，将以下文本粘贴到 c:xamppapacheconfextrahttpd-xampp.conf 的顶部:

Now, paste the following text into the top of c:xamppapacheconfextrahttpd-xampp.conf:

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect /xampp folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} xampp
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /phpMyAdmin folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} phpmyadmin
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /security folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} security
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /webalizer folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} webalizer
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</IfModule>

如果您想要重定向到 https://的其他文件夹，请在下面添加通用文本(但替换您的文件夹名称):

If you have other folders you want to redirect to https://, add the generic text below (but substitute your folder name):

# Redirect /folder_name folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} folder_name
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

这篇关于如何仅在指定的 XAMPP 目录上启用 SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！