我正在使用以下内容在我的主网站上强制使用 HTTPS。
### Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
如果您想查看完整的 htaccess 文件,我将其放在下面:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
### Blacklist via Referrers
RewriteCond %{HTTP_REFERER} removed\.net [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.net [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.sx [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.com [NC,OR]
RewriteCond %{HTTP_REFERER} removed\.org [NC]
RewriteRule ^(.*)$ - [F,L]
### Force SSL
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### Canonicalize codeigniter URLs
# If your default controller is something other than
# "welcome" you should probably change this
RewriteRule ^(welcome(/index)?|index(\.php)?)/?$ / [L,R=301]
RewriteRule ^(.*)/index/?$ $1 [L,R=301]
# Removes trailing slashes (prevents SEO duplicate content issues)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)/$ $1 [L,R=301]
# Enforce NO www
RewriteCond %{HTTP_HOST} ^www [NC]
RewriteRule ^(.*)$ https://removed.com/$1 [L,R=301]
# Removes access to the system folder by users.
# Additionally this will allow you to create a System.php controller,
# previously this would not have been possible.
# 'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
# Checks to see if the user is attempting to access a valid file,
# such as an image or css document, if this isn't true it sends the
# request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# Without mod_rewrite, route 404's to the front controller
ErrorDocument 404 /index.php
</IfModule>
我正在努力弄清楚重定向循环是如何发生的。
更新
我没有说清楚我的 Web 服务器 (Apache) 只在端口 80 上配置了一个虚拟主机,该虚拟主机通过负载均衡器接收 HTTP 和 HTTPS 流量。负载均衡器负责处理 SSL 连接。
答案1
谢谢HBruijn 的评论,我明白了为什么我会得到重定向循环。
来自 ELB 的流量始终是 HTTP,因为它处理到用户的 HTTPS 流量,但到服务器的流量是 HTTP,所以我之前的规则将导致循环。
经过一番研究,我发现负载均衡器转发了一些有用的标头,例如X-Forwarded-Proto
。这可用于确定客户端使用的是 HTTP 还是 HTTPS,如下所示:
### Force HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
我希望上述内容在其他人尝试强制使用 Amazon Web Services 负载均衡器后面的 HTTPS 时能够有所帮助。
答案2
无需在.htaccess
文件中执行此操作,只需设置 SSL重定向在 Apache 配置的非 SSL VirtualHost 条目中:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
效率更高。
此外:我最讨厌的事情,引自.htaccess 手册文件:
你应该完全避免使用 .htaccess 文件 如果你有权访问 httpd 主服务器配置文件中。使用 .htaccess 文件会降低 Apache http 服务器的速度。任何可以包含在 .htaccess 文件中的指令最好都设置在
Directory
在主 Apache 配置文件中阻止,因为它具有相同的效果,但性能更好。