ASP.NET - 将所有https请求重写为http [英] ASP.NET - rewriting all https requests to http
问题描述
我的问题恰恰是提出的问题这里,我决定尝试将所有https请求重写为http。我搜索的时间很长很难但似乎没有明确的方法来实现这一点 - 请参阅这些问题(无解决方案):使用webconfig文件中的重写规则将https重定向到http ; https://stackoverflow.com/questions/15214717/ iis-rewrite-https-to-http-while-keeping-existing-https-rules
My issue is precisely the one presented here, and I've decided to try rewrite all https requests to http. I've searched long and hard but there doesn't seem to be a definitive way to achieve this - see these questions (no solutions): Redirect https to http using rewrite rule in webconfig file ; https://stackoverflow.com/questions/15214717/iis-rewrite-https-to-http-whilst-keeping-existing-https-rules
我已将重写模块添加到IIS,并尝试过web.config中的以下内容:
I've added the rewrite module to IIS, and tried the following in web.config:
<rewrite>
<rules>
<clear />
<rule name="force http" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
但它仍允许用户使用https访问非https网站(实际上访问不同的网站) )。
But it still allows the user to access a non-https site with https (essentially accessing a different site).
如何强制所有https请求成为http请求?
How do I force all https requests to be http requests?
编辑:我也尝试了所有建议的解决方案此处没有运气。 url重写模块肯定已成功安装在IIS上!
edit: I've also tried every suggested solution here with no luck. The url rewrite module is definitely successfully installed on IIS!
edit2:尝试以下操作但未成功:
edit2: Tried the following without success:
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="force http" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^(?:www)?\.test.site\.com$"
negate="true" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
我重新启动了IIS,重写规则反映在inetmgr中。正在加载 https://test.site.com/ 仍然使用https加载。
I restarted IIS and the rewrite rules reflect in inetmgr. Loading https://test.site.com/ still loads with https.
推荐答案
有几件事。首先,当HTTPS打开而不是关闭时,重写需要处理。其次,对于需要在HTTPS上运行的应用程序,您需要将其从重写中排除。修订后的重写规则应如下所示:
A couple of things. First the rewrite needs to process when HTTPS is on and not off. Second, for the application that needs to run over HTTPS you will need to exclude it from the rewrite. The revised rewrite rule should look something like this:
<rewrite>
<rules>
<clear />
<rule name="force http" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
<add input="{HTTP_HOST}" pattern="^site\.com$"
negate="true" ignoreCase="true" />
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" />
</rule>
</rules>
</rewrite>
这应该保持 https://site.com/login 在https上,所有其他URL将被重定向到http。例如, https://test.site.com/login 将重定向到 http://test.site.com/login 。这个重写规则需要放在具有HTTPS绑定的站点上才能使重写正常工作。
This should keep https://site.com/login on https and all other URL's will get redirected to http. For example, https://test.site.com/login will be redirected to http://test.site.com/login. This rewrite rule needs to be placed on the site with the HTTPS binding for the rewrite to work properly.
使用301永久重定向时请注意某些浏览器不会在后续命中时将请求发送到服务器,因此在更改规则后,需要清除浏览器缓存。网络选项卡甚至可以说谎并说出请求,但是像Fiddler或Wireshark这样的外部工具会让你知道。
Please be aware when using a 301 permanent redirect some browsers won't make the request out to the server on subsequent hits so after changing the rule a browser cache clear is required. The network tab may even lie and say the request is made but an external tool like Fiddler or Wireshark will let you know for sure.
这篇关于ASP.NET - 将所有https请求重写为http的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
