使用.htaccess和mod_rewrite强制SSL / https [英] Force SSL/https using .htaccess and mod_rewrite
问题描述
如何使用PHP中特定的.htaccess和mod_rewrite页面强制使用SSL / https。
How can I force to SSL/https using .htaccess and mod_rewrite page specific in PHP.
推荐答案
对于Apache,你可以使用 mod_ssl 使用 SSLRequireSSL指令 :
For Apache, you can use mod_ssl to force SSL with the SSLRequireSSL Directive:
除非为当前连接启用HTTP over SSL(即HTTPS),否则此指令禁止访问。这在启用SSL的虚拟主机或目录中非常方便,可以防止暴露应该受保护的内容的配置错误。如果存在此指令,则拒绝所有未使用SSL的请求。
This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection. This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected. When this directive is present all requests are denied which are not using SSL.
但这不会重定向到https。要重定向,请使用 mod_rewrite
This will not do a redirect to https though. To redirect, try the following with mod_rewrite in your .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
或
- http://www.askapache.com/htaccess/http-https-rewriterule-redirect.html
如果您的提供商已禁用.htaccess,您也可以在PHP内部解决此问题(由于您提出要求,这是不可能的,但无论如何)
You can also solve this from within PHP in case your provider has disabled .htaccess (which is unlikely since you asked for it, but anyway)
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
if(!headers_sent()) {
header("Status: 301 Moved Permanently");
header(sprintf(
'Location: https://%s%s',
$_SERVER['HTTP_HOST'],
$_SERVER['REQUEST_URI']
));
exit();
}
}
这篇关于使用.htaccess和mod_rewrite强制SSL / https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
