如何强制用户通过HTTPS而不是HTTP访问我的页面? [英] How can I force users to access my page over HTTPS instead of HTTP?
问题描述
我只有一个页面要强制作为HTTPS页面访问(Apache上的PHP)。如何在不使整个目录需要HTTPS的情况下执行此操作?或者,如果您从HTTP页面向HTTPS页面提交表单,它是通过HTTPS而不是HTTP发送的吗?
I've got just one page that I want to force to be accessed as an HTTPS page (PHP on Apache). How do I do this without making the whole directory require HTTPS? Or, if you submit a form to an HTTPS page from an HTTP page, does it send it by HTTPS instead of HTTP?
以下是我的示例:
http://www.example.com/some-page.php
我希望它只能通过以下方式访问:
I want it to only be accessed through:
https://www.example.com/some-page.php
当然,我可以把所有的链接到这个页面指向HTTPS版本,但这并不能阻止一些傻瓜故意通过HTTP访问它...
Sure, I can put all of the links to this page pointed at the HTTPS version, but that doesn't stop some fool from accessing it through HTTP on purpose...
我认为有一件事是重定向在PHP文件的标题中检查以确保它们正在访问HTTPS版本:
One thing I thought was putting a redirect in the header of the PHP file to check to be sure that they are accessing the HTTPS version:
if($_SERVER["SCRIPT_URI"] == "http://www.example.com/some-page.php"){
header('Location: https://www.example.com/some-page.php');
}
但这不是正确的方法,可以吗?
But that can't be the right way, can it?
BTW,请不要注意URL。我知道如果它实际上是一个有购物车等的页面,你会以不同的方式做到这一点。您可以将其视为一个网站,该网站以一个价格销售一件商品,您可以在其中输入您的信用卡信息,然后将其提交到外部网站上的支付网关,以便明确向您的卡收费一次。
BTW, please pay no attention to the URL. I know that if it were actually a page where there was a shopping cart, etc., you would do it a different way. Think of it as a page from a site that sells one item for one price where you type in your credit card info to be submitted to a payment gateway on an external site for the express purpose of charging your card one time.
推荐答案
我以前做过的方式基本上就像你写的那样,但没有任何硬编码值:
The way I've done it before is basically like what you wrote, but doesn't have any hardcoded values:
if($_SERVER["HTTPS"] != "on")
{
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
exit();
}这篇关于如何强制用户通过HTTPS而不是HTTP访问我的页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
