我正在尝试确保如果在安全子域之外使用HTTPS,则会将其重定向到HTTP。
这是我在root .htaccess文件中的内容:
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images are excluded from this rule)
RewriteCond %{HTTPS} =on
# my.EXAMPLE.com is the secure subdirectory.
RewriteCond %{HTTP_HOST} !^my.EXAMPLE.com [NC]
RewriteCond $1 !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
简单地说:
if HTTPS
if not in my.example.com
if NOT an image/css/js file
redirect to HTTP
但是这没有按预期工作,相反,如果我尝试通过HTTPS访问my.example.com子目录之外的页面,我会收到404 Not Found错误。通过HTTP访问同一页面没有问题,它工作正常。
知道为什么这条规则可能不起作用?
这是整个.htaccess文件:
# Don't display .htacess files in directory listings.
IndexIgnore .htaccess
Options +FollowSymLinks
RewriteEngine on
# Password protected for now
AuthType Basic
AuthName "EXAMPLE"
AuthUserFile "/home/EXAMPLE/.htpasswds/public_html/passwd"
require valid-user
# Redirect HTTPS requests for non-SSL pages back to HTTP. (Note that shared objects
# such as images on both HTTP and HTTPS pages are excluded from this rule)
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
# Redirect non-www requests to www
RewriteCond %{HTTP_HOST} ^EXAMPLE.com$
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com [NC]
RewriteRule ^(.*)$ "http\:\/\/www\.EXAMPLE\.com\/$1" [R=301]
# Prevent direct access to the WHMCS folder must be accessed through secure subdomain
RedirectMatch 301 ^/WHMCS/(.*)$ https://my.EXAMPLE.com/$1
ErrorDocument 404 /404.php
答案 0 :(得分:0)
试试这个:
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^my\.EXAMPLE\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|ico|css|js)$
RewriteRule ^(.*)$ http://www.EXAMPLE.com/$1 [R=301]
答案 1 :(得分:0)
问题在于,如果您没有为www.example.com设置SSL vhost,并将其文档根目录指向www.example.com的非SSL vhost所在的位置,那么当有人去到https://www.example.com/,你的htaccess文件永远不会被读取。我愿意打赌你需要将你的HTTPS-> HTTP规则放在SSL vhost的htaccess文件中(my.example.com的文档根目录在哪里)。
你的似乎是:
http://www.example.com/ -> /home/EXAMPLE/ (or whatever your document root is)
https://my.example.com/ -> /home/EXAMPLE/subfolder/
因此,如果没有https://www.example.com的vhost设置,当您转到SSL example.com时,永远不会访问/home/EXAMPLE/中的htaccess文件。