强制HTTPS为整个服务器/域 [英] Force https for entire server/domain
问题描述
我开发了一些只应通过HTTPS访问形式。我有一个专门的服务器拥有自己的证书和所有的好东西。
I am developing a number of forms which should only be accessed via https. I have a dedicated server with its own cert and all the good stuff.
所以我的问题是双重的真正:
So my question is two-fold really:
1)。什么是强迫每一个请求是HTTPS的最佳方式?难道还有比这.htacess / mod_rewrite的规则更好的方式:
1). What's the best way to force every request to be https? Is there a better way than this .htacess/mod_rewrite rule:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
2)。是否有任何潜在的缺陷或缺点迫使一切是HTTPS,我应该考虑的问题(除开销,这似乎不是一个问题呢)?
2). Are there any potential pitfalls or downside to forcing everything to be https that I should be thinking about (other than overhead, which wouldn't seem to be an issue anyway)?
推荐答案
你有什么要细,这是我使用的:
What you have should be fine, this is what I use:
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
在研究
表示这是一个重定向,而不是重写,而→
表示重写引擎不应该执行任何更多的重写。
The R
signifies it's a redirect instead of a rewrite, and the L
indicates that the rewrite engine should not perform any more rewrites.
我最初发现这个在这里:的httpd维基
I originally found this here: Httpd Wiki
编辑:
我忘了提 SSLRequireSSL
指令,迫使所有的请求是通过HTTPS。详细信息可以在 Apache文档被发现。
I forgot to mention the SSLRequireSSL
directive that forces all requests to be over HTTPS. Details can be found in the Apache Documentation.
这篇关于强制HTTPS为整个服务器/域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!