Force SSL/https using .htaccess and mod_rewrite

一向 2020-11-22 05:24

How can I force SSL/https using .htaccess and mod_rewrite, page-specific, in PHP?

9 Answers
  • 2020-11-22 05:44

    I found a mod_rewrite solution that works well for both proxied and unproxied servers.

    If you are using CloudFlare, AWS Elastic Load Balancing, Heroku, OpenShift or any other Cloud/PaaS solution and you are experiencing redirect loops with normal HTTPS redirects, try the following snippet instead.

    RewriteEngine On
    
    # If we receive a forwarded http request from a proxy...
    RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
    
    # ...or just a plain old http request directly from the client
    RewriteCond %{HTTP:X-Forwarded-Proto} =""
    RewriteCond %{HTTPS} !=on
    
    # Redirect to https version
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
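The redirect loop described in the answer above, as an added example that is not part of the original thread: a small Python model of a TLS-terminating proxy in front of Apache, comparing the plain `%{HTTPS} off` rule with the `X-Forwarded-Proto` rule. The function names and the request model are assumptions made for illustration.

```python
# Constructed model (not Apache itself) of the two redirect rules in this thread.

def naive_rule(https_on, xfp):
    # RewriteCond %{HTTPS} off
    return not https_on

def proxy_aware_rule(https_on, xfp):
    # mod_rewrite groups [OR] first: (XFP == "http" OR XFP == "") AND HTTPS != on
    return (xfp == "http" or xfp == "") and not https_on

def backend_view(client_scheme, behind_proxy, client_xfp=""):
    """Return (HTTPS on?, X-Forwarded-Proto) as the origin server sees them."""
    if behind_proxy:
        # Assumption: the proxy terminates TLS, talks plain HTTP to the origin
        # and overwrites X-Forwarded-Proto with the client's real scheme.
        return False, client_scheme
    # Direct connection: the header is whatever the client chose to send.
    return client_scheme == "https", client_xfp

def follow(rule, behind_proxy, client_xfp="", max_hops=5):
    """Start at http:// and follow redirects; return (final scheme, redirects)."""
    scheme = "http"
    for hops in range(max_hops):
        https_on, xfp = backend_view(scheme, behind_proxy, client_xfp)
        if not rule(https_on, xfp):
            return scheme, hops      # page served, no further redirect
        scheme = "https"             # both rules redirect to https://
    return "loop", max_hops          # browser would report too many redirects

if __name__ == "__main__":
    cases = [
        ("naive rule, direct", naive_rule, False, ""),
        ("naive rule, behind proxy", naive_rule, True, ""),
        ("proxy-aware, direct", proxy_aware_rule, False, ""),
        ("proxy-aware, behind proxy", proxy_aware_rule, True, ""),
        ("proxy-aware, direct, client sends XFP=https", proxy_aware_rule, False, "https"),
    ]
    for label, rule, proxied, hdr in cases:
        print(f"{label:45} -> {follow(rule, proxied, hdr)}")
```

The last case is served over plain HTTP with no redirect, because the rule trusts a header that a directly connected client can set. The origin should therefore accept traffic only from the proxy, and the proxy should overwrite the header.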
  • 2020-11-22 05:46

    Mod-rewrite based solution:

    Using the following code in htaccess automatically forwards all http requests to https.

    RewriteEngine on
    
    RewriteCond %{HTTPS}::%{HTTP_HOST} ^off::(?:www\.)?(.+)$
    RewriteRule ^ https://www.%1%{REQUEST_URI} [NE,L,R]
    

    This will redirect your non-www and www http requests to the www version of https.

    Another solution (Apache 2.4*)

    RewriteEngine on
    
    RewriteCond %{REQUEST_SCHEME}::%{HTTP_HOST} ^http::(?:www\.)?(.+)$
    RewriteRule ^ https://www.%1%{REQUEST_URI} [NE,L,R]
    

    This doesn't work on lower versions of Apache, as the %{REQUEST_SCHEME} variable was added to mod-rewrite in 2.4.

  • 2020-11-22 05:47

    PHP Solution

    Borrowing directly from Gordon's very comprehensive answer, I note that your question mentions being page-specific in forcing HTTPS/SSL connections.

    function forceHTTPS(){
      // Already on HTTPS: nothing to do
      if( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS']==='on' )
        return;
      $httpsURL = 'https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
      // A redirect would drop the POST body, so stop and report instead
      if( count( $_POST )>0 )
        die( 'Page should be accessed with HTTPS, but a POST Submission has been sent here. Adjust the form to point to '.htmlspecialchars( $httpsURL ) );
      if( !headers_sent() ){
        // Send the redirect with a real 301 status code
        header( "Location: $httpsURL", true, 301 );
        exit();
      }else{
        // Headers already sent: fall back to a client-side redirect (URL JSON-encoded for the script context)
        die( '<script>document.location.href='.json_encode( $httpsURL, JSON_HEX_TAG ).';</script>' );
      }
    }
    

    Then, as close as possible to the top of those pages which you want to force to connect via PHP, you can require() a centralised file containing this (and any other) custom functions, and then simply run the forceHTTPS() function.

    HTACCESS / mod_rewrite Solution

    I have not implemented this kind of solution personally (I have tended to use the PHP solution, like the one above, for its simplicity), but the following may be, at least, a good start.

    RewriteEngine on
    
    # Check for POST Submission
    RewriteCond %{REQUEST_METHOD} !^POST$
    
    # Forcing HTTPS
    RewriteCond %{HTTPS} !=on [OR]
    RewriteCond %{SERVER_PORT} ^80$
    # Pages to Apply (REQUEST_URI always starts with a slash)
    RewriteCond %{REQUEST_URI} ^/something_secure [OR]
    RewriteCond %{REQUEST_URI} ^/something_else_secure
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    
    # Forcing HTTP
    RewriteCond %{HTTPS} =on [OR]
    RewriteCond %{SERVER_PORT} ^443$
    # Pages to Apply (REQUEST_URI always starts with a slash)
    RewriteCond %{REQUEST_URI} ^/something_public [OR]
    RewriteCond %{REQUEST_URI} ^/something_else_public
    RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    
  • 2020-11-22 05:51

    Simple and easy, just add the following:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
  • 2020-11-22 05:52

    Try this code; it will work for all versions of URLs, like

    • website.com
    • www.website.com
    • http://website.com
    • http://www.website.com

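      RewriteEngine On
      # Redirect when the request is not HTTPS, or the host is not www.website.com
      RewriteCond %{HTTPS} off [OR]
      RewriteCond %{HTTP_HOST} !^www\.website\.com$ [NC]
      RewriteRule ^(.*)$ https://www.website.com/$1 [L,R=301]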
      
  • 2020-11-22 05:53

    Simple one:

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^(www\.example\.com)(:80)? [NC]
    RewriteRule ^(.*) https://example.com/$1 [R=301,L]
    order deny,allow
    

    Replace your URL with example.com.
