问题描述
我试图让一个登录页面重定向到https和所有其他网页恢复到标准的HTTP。当我有/登录的地址,它显示为/index.php?page=login,而不是一个安全的页面上显示。
.htaccess中code的问题如下:
的RewriteCond%{} SERVER_PORT 80
的RewriteCond%{REQUEST_URI} ^ /登录$
重写规则^ $ HTTPS(*)://%{HTTP_HOST}%{REQUEST_URI} [R = 301,QSA,L]
的RewriteCond%{REQUEST_URI}!^ /登录$
的RewriteCond%{} SERVER_PORT 443
(。*)重写规则^ $的http://%{HTTP_HOST}%{REQUEST_URI} [R = 301,QSA,L]
重写规则^([A-ZA-Z0-9 _ \ - \(\)] +)?[/] $ /index.php?page=$1
这也许是更好的在应用层面做到这一点,那就是,发送登录链接作为HTTPS直接链接。
通过重定向从HTTP到HTTPS的问题是,客户端首先使通过纯HTTP请求。在情况下它一定会到HTTPS初始页面,它不一定是一个问题,但如果您发送真实透明地重定向到HTTPS页面的HTTP请求的凭据,他们会一直反正泄露。
I'm trying to get a login page to redirect to https and all other pages revert to standard http. When I have /login as the address, it shows up as /index.php?page=login and isn't displayed on a secure page.
The htaccess code in question is below :
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/login$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
RewriteCond %{REQUEST_URI} !^/login$
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
RewriteRule ^([a-zA-Z0-9_\-\(\)]+)[/]?$ /index.php?page=$1
It's probably better to do this at the application level, that is, send the "login" link as an HTTPS link directly.
The problem with redirects from HTTP to HTTPS is that the client first makes the request over plain HTTP. In the case where it's only going to the HTTPS initial page, it's not necessarily a problem, but if you send the credentials in an HTTP request that's transparently redirected to an HTTPS page, they'll have been leaked anyway.
这篇关于如何在htaccess的我可以将用户重定向到https从http,然后再返回的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!