通用htaccess重写:始终使用https和www

时间:2013-04-02 21:18:21

标签: .htaccess

我正在搜索通用 htaccess重写,强制用户使用https www。因此,以下网址都应重写为https://www.domain.tld/some/path

它应该是通用解决方案,因此域名不包含在规则中。最有可能的是,该规则将包含%{HTTP_HOST}%{REQUEST_URI}%1/$1之类的内容。请说明您使用其中一个的原因。

虽然有很多问题与此类似,但我没有找到兼顾两者的解决方案 - https和www重定向。希望你能帮忙。

修改1:

我尝试了@anubhava的解决方案,但我收到了“太多重定向”错误。由于该网站是Magento网站,因此htaccess稍微困难一些。以下是我尝试过的两个mod_rewrite部分:

<IfModule mod_rewrite.c>

############################################
## enable rewrites

    Options +FollowSymLinks
    RewriteEngine on

    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

############################################
## you can put here your magento root folder
## path relative to web root

    #RewriteBase /magento/

############################################
## uncomment next line to enable light API calls processing

#    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]

############################################
## rewrite API2 calls to api.php (by now it is REST only)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

############################################
## workaround for HTTP authorization
## in CGI environment

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]

############################################
## redirect for mobile user agents

    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php [L]

</IfModule>

第二个版本:

<IfModule mod_rewrite.c>

############################################
## enable rewrites

    Options +FollowSymLinks
    RewriteEngine on

    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^ https://www.domain.tld%{REQUEST_URI} [R=301,L]

############################################
## you can put here your magento root folder
## path relative to web root

    #RewriteBase /magento/

############################################
## uncomment next line to enable light API calls processing

#    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]

############################################
## rewrite API2 calls to api.php (by now it is REST only)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

############################################
## workaround for HTTP authorization
## in CGI environment

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]

############################################
## redirect for mobile user agents

    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php [L]

</IfModule>

有什么想法吗?

编辑2:

根据@anubhava的建议,设置Magento使用https来获取安全和不安全的基本URL并不能解决问题。然后,网址http://www.domain.tld/some/path会重定向到https://www.domain.tld,而不是https://www.domain.tld/some/path

2 个答案:

答案 0 :(得分:1)

你可以试试这个:

<IfModule mod_rewrite.c>
    RewriteEngine On

    # non www to https://www...
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

    # non https to http
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

第一个重写规则检查主机名是否以www开头,如果不是,则使用https重定向并将www添加到主机名。标志R = 301表示apache使用HTTP 301永久重定向,L使mod_rewrite停止处理规则集。有关详细信息,请查看文档:{​​{3}}

第二次重写规则使用www捕获请求但没有https://。主机名和路径保持不变。感谢NicolásEchániz和Joseph Scott关于http://httpd.apache.org/docs/current/rewrite/的博客指出了第二条规则。

答案 1 :(得分:1)

清除浏览器缓存并首先重新启动浏览器。

Magento设置更改

打开管理面板并访问 System -> Configration -> Web 面板,并将Base URL(对于安全和不安全)设置为https://www.domain.tld/

然后设置

Auto-redirect to Base URL =否

Use Secure URLs in Frontend =是

Use Secure URLs in Admin =是

保存设置,清除Magento缓存

Magento .htaccess改变

将此代码放在RewriteBase行下面的基本magento目录中的.htaccess中:

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]