通过HTTPS强制一些页面，而将其他页面强制为HTTP ...是否可能？ [英] Force some pages over HTTPS and others to HTTP... is it possible?

问题描述

我真的被困在这个......

I'm really stuck on this one...

基本上，我正在尝试使用IIS的URLRewrite插件在SSL上创建2个页面。但我还需要强制所有其他页面到HTTP（叹气 - 不要问）。

Basically, I'm trying to make 2 pages always over SSL using the URLRewrite add-on for IIS. But I also need to force all other pages to HTTP (sigh - don't ask).

但如果我通过HTTP强制其他页面，那么当你查看SSL时页面你会得到安全警告。我试图通过检查HTTP_REFERER是否是SSL页面来解决这个问题，然后让它通过SSL发送给该页面。这不起作用，因为如果有人点击SSL页面上的链接，那么它将保持SSL。

But if I force other pages over HTTP, then when you view the SSL page you'll get the security warning. I tried to solve this by checking if the HTTP_REFERER is the SSL page then let it be sent over SSL for that page only. This doesn't work because if someone clicks a link on the SSL page then it will stay over SSL.

这是否可能？...

到目前为止这是我所得到的：

This is as far as I got so far:

<rewrite>
    <rules>
        <rule name="Force HTTPS Login" stopProcessing="true">
            <match url="(.+)login.aspx" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
        </rule>
        <rule name="Force HTTPS Payments" stopProcessing="true">
            <match url="(.+)payments.aspx" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
        </rule>
        <rule name="Others Force HTTP" stopProcessing="true">
            <match negate="true" url="((.+)login.aspx|(.+)payments.aspx)" />
            <conditions>
                <add input="{HTTPS}" pattern="^ON$" />
                <add input="{HTTP_REFERER}" negate="true" pattern="(.+)login.aspx" />
                <add input="{HTTP_REFERER}" negate="true" pattern="(.+)payments.aspx" />
            </conditions>
            <action type="Redirect" url="http://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

更新：找到这篇文章：仅在某些页面上使用.htaccess 将http重写为https 。自2010年3月以来没有答案......！

UPDATE: Found this article: Rewrite http to https on some pages only using .htaccess. No answer since March 2010...!

推荐答案

所以我最终做的是：

1. 为需要它的页面强制使用HTTPS。


2. 强制所有其他页面为HTTP，但页面除外在＃1点和这些页面上引用的/ styles和/ images文件夹中。

由于页面使用相对路径，它们分别通过HTTP / HTTPS自动使用样式/图像。

Since the pages use relative paths, they automatically use the styles/images over HTTP/HTTPS respectively.

<rewrite>
    <rules>
        <rule name="Force HTTPS Login" stopProcessing="true">
            <match url="(.*)/login.aspx" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
        </rule>
        <rule name="Others Force HTTP" stopProcessing="true">
            <match url="(((.*)/login.aspx)|((.*)/styles(.*))|((.*)/images(.*)))" negate="true" />
            <conditions>  
                <add input="{HTTPS}" pattern="^ON$" />
            </conditions>
            <action type="Redirect" url="http://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

这篇关于通过HTTPS强制一些页面，而将其他页面强制为HTTP ...是否可能？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！