强制http为子域而不使用SSL [英] Force http for subdomain without SSL
问题描述
我最近移动了服务器并同时重新开发了网站。以前所有页面都是通过https提供的,我想改变这一点,所以只有购物车页面是通过https。我也想清理一下这个网址。旧网址是:
I recently moved servers and redeveloped the website at the same time. Previously all pages were served via https and I wanted to change this so only cart pages were via https. Also I wanted to clean up the url a bit. Old urls were:
https://secure.mydomain.com/onlinestore/index.php
我删除了安全前缀和子文件夹,现在它是:
and I removed the secure prefix and the subfolder so it is now:
http://www.mydomain.com/index.php
<问题是我希望点击旧链接或书签的人被重定向到新页面。我用htaccess工作了。但是,新SSL仅涵盖根域而不是安全子域。因此,如果有人点击旧链接,则会在重定向之前显示此连接不受信任。如果我将https更改为http,则工作正常。
Problem is I wanted people who clicked on old links or bookmarks to be redirected to the new page. I got this working with htaccess. However the new SSL only covers the root domain and not the secure subdomain. So if someone clicks an old link it brings up "This Connection is Untrusted" before it can redirect. Works fine if i change https to http.
所以我想知道的是,无论如何我可以在检查SSL之前强制使用http而不是https证书
希望有意义!
推荐答案
简短的回答是否定的。使用传统SSL,您的Web服务器甚至无法在证书协商发生之前查看URL。它只看到端口443上的连接并开始进行SSL协商。然后,浏览器会看到不匹配的证书并抛出异常。
The short answer is no. With conventional SSL, your web server doesn't even get to see the URL before certificate negotiation happens. It just sees a connection on port 443 and starts doing SSL negotiation. The browser then sees the mismatched cert and throws an exception.
然而,更现代的浏览器和Web服务器(参见列表的维基百科)支持名为服务器名称标识(SNI),允许客户端在服务器必须响应之前发送它请求的主机名证书。此时,您需要在该服务器上拥有secure.mydomain.com和www.mydomain.com的证书,并且需要将其配置为使用正确的证书进行响应。
However, more modern browsers and web servers (see Wikipedia for the list) support a TLS extension called Server Name Identification (SNI), which allows the client to send the hostname it's requesting before the server has to respond with a certificate. At that point you'll need to have certificates for both secure.mydomain.com and www.mydomain.com on that server, and it'll need to be configured to respond with the proper certificate.
这篇关于强制http为子域而不使用SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
