强制HTTPS通过HTTP [英] Forcing HTTPS over HTTP

问题描述

所以，我想强制用户访问我页面的HTTPS版本，而不是HTTP。而根据这发布的所有我需要做的是这样的：

So I want to force the user to access the https version of my page rather than the http. And according to this post all I have to do is this:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

不过的我的的网站所在的主目录中的文件夹中，因此它在 www.domain.com/Folder 。因此，应将此htaccess的code往里走主目录或子目录中。因为我不想改变的方式接入的主要场所，只有文件夹。

But MY site resides in a folder within the main directory, so it's in www.domain.com/Folder. So should this htaccess code go inside the main directory or in the subdirectory. Because I do not want to change the way the access the main site, only the folder.

推荐答案

您可以将它留在根目录，但将其更改为：

You can leave it in the root directory but change it to:

RewriteRule ^(your-directory/.*)$ https://www.yourdomain.com/$1 [R,L]

请记住，虽然，重定向发生之前，饼干和查询参数与可能的敏感数据已经明文形式发送的，所以记得要使用的安全cookie属性附加伤害如果你使用Cookie。

Keep in mind, though, that before the redirect happens, the cookies and query parameters with possibly sensitive data has already been sent in clear text, so remember to use the secure cookie atribute if you use cookies.

这篇关于强制HTTPS通过HTTP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！