尽管缺少重写规则,子域名仍重定向到 HTTPS

尽管缺少重写规则,子域名仍重定向到 HTTPS

我有一个域名为 staging.example.com,出于测试目的,我想在不使用 HTTPS 的情况下运行它。主域名 (example.com) 确实使用 SSL。

我正在尝试找到一个重写规则,它将转发到主域的 HTTPS,但不转发子域(www. 除外)。

目前,我已通过从虚拟主机文件中删除所有可以找到的重写规则并访问域和子域进行了测试。尽管再次对两个虚拟主机文件运行 a2ensite 并运行 sudo service apache2 reload 和 sudo service apache2 restart,但浏览器仍被重定向到子域和主域上的 HTTPS。

还有其他地方可能发生这种重定向吗?这是我的虚拟主机:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /srv/www/example.com/public_html/example/example-production/current/public

        Options Indexes FollowSymLinks Includes ExecCGI
        <Directory /srv/www/example.com/public_html/example/example-production/current/public>
                Allow from all
                Options -MultiViews -Indexes
        </Directory>

        ErrorLog /srv/www/example.com/public_html/example/example-production/current/log/error.log
        CustomLog /srv/www/example.com/public_html/example/example-production/current/log/access.log combined
        <Location />


    </Location>
</VirtualHost>

<VirtualHost *:443>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /srv/www/example.com/public_html/example/example-production/current/public
        ErrorLog /srv/www/example.com/public_html/example/example-production/current/log/error.log

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/certs/example.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/certs/example.com.key
        SSLCACertificateFile /etc/apache2/ssl/certs/example.com.intermediate.crt
        SSLOptions +StrictRequire
Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
        CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


</VirtualHost>

暂存子域名如下:

<VirtualHost *:80>

        ServerName staging.example.com
        DocumentRoot /srv/www/example.com/public_html/example/example-staging/current/public
        <Directory /srv/www/example.com/public_html/example/example-staging/current/public>
                Allow from all
                Options -Multiviews
        </Directory>

</VirtualHost>

答案1

Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"

您的浏览器正在遵守它,包括includeSubDomains

相关内容