除了使用Zend Framework的特定文件夹/控制器之外,我想将所有URL重写为SSL。例如,我想从SSL中排除auth控制器,然后如果我访问https://blabla.com/auth,我想重写为http://blabla.com/auth。
我在htaccess https redirect only on specific Zend Frameworks controller/actions和Rewrite all URL to SSL except specific folders with Zend Framework尝试了一些代码,但没有任何对我有用。
现在这是我在.htaccess文件中的代码。有什么建议吗?
RewriteEngine On
RewriteCond %{HTTPS} on [NC]
RewriteCond %{REQUEST_URI} !^/(auth|client)/ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{HTTPS} off [NC]
RewriteCond %{REQUEST_URI} ^/(auth|client)/ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [L]
更新
它不会抛出任何错误,但是当我使用http访问该页面时,它会将我重定向到使用https的索引页面:
RewriteEngine On
#If HTTPS is off and this is not /auth or /client - redirect to https
RewriteCond %{HTTPS} off
RewriteCond $1 !^(en/x/auth/index) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
#If HTTPS is off and this is /auth or /client - redirect to http
RewriteCond %{HTTPS} on
RewriteCond $1 ^(en/x/auth/index) [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
答案 0 :(得分:1)
不需要在.htacess中更改内容只需创建一个插件控制器
控制器插件
namespace Custom\Controller\Plugin;
class Ssl extends \Zend_Controller_Plugin_Abstract
{
/**
* Check the application.ini file for security settings.
* If the url requires being secured, r ebuild a secure url
* and redirect.
*
* @param Zend_Controller_Request_Abstract $request
* @return void
* @author Travis Boudreaux
*/
public function preDispatch(\Zend_Controller_Request_Abstract $request)
{
$shouldSecureUrl = false;
$options = new \Zend_Config_Ini(APPLICATION_PATH . '/configs/ssl.ini');
$options = $options->ssl;
//if config is empty, exit
if (!is_object($options))
return;
//simpler to use
$options = $options->toArray();
if (APPLICATION_ENV == 'production') {
if ($request->controller == 'ajax')
return;
//check configuration file for one of three require_ssl directives
//secure an entire module with modules.module_name.require_ssl = true
//secure an entire controller with modules.module_name.controller_name.require_ssl = true
//secure an action with modules.module_name.controller_name.action_name.require_ssl = true
if (isset($options['modules'][$request->module][$request->controller]['require_ssl'])
&& ($options['modules'][$request->module][$request->controller]['require_ssl'])
) {
$shouldSecureUrl = true;
} elseif (isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
&& ($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
) {
$shouldSecureUrl = true;
} elseif (isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
&& !($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
) {
$shouldSecureUrl = false;
}
if (empty($shouldSecureUrl))
$shouldSecureUrl = false;
$this->_setupUrls($request, $shouldSecureUrl);
}
}
/**
* Check the request to see if it is secure. If it isn't
* rebuild a secure url, redirect and exit.
*
* @param Zend_Controller_Request_Abstract $request
* @param boolean $secure_url
* @return void
* @author Travis Boudreaux
*/
protected function _setupUrls(\Zend_Controller_Request_Abstract $request, $secure_url)
{
$server = $request->getServer();
$hostname = $server['HTTP_HOST'];
if ($request->isSecure()) {
if (!$secure_url) {
$url = \Zend_Controller_Request_Http::SCHEME_HTTP;
$url .= '://' . $hostname . $request->getRequestUri();
$redirector = \Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->setGoToUrl($url);
$redirector->redirectAndExit();
}
} else {
if ($secure_url) {
$url = \Zend_Controller_Request_Http::SCHEME_HTTPS;
$url .= '://' . $hostname . $request->getRequestUri();
$redirector = \Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->setGoToUrl($url);
$redirector->redirectAndExit();
}
}
}
}
ssl.ini可以保存在APPLICATION_PATH中。 '/ configs'目录
ssl.modules.default.register.require_ssl = true
ssl.modules.default.login.require_ssl = true
ssl.modules.default.dashboard.require_ssl = true
ssl.modules.default.payment.require_ssl = true
ssl.modules.default.password.require_ssl = true
ssl.modules.default.profile.require_ssl = true
ssl.modules.admin.login.login.require_ssl = true
ssl.modules.admin.dashboard.require_ssl = true
ssl.modules.admin.payment.require_ssl = true
ssl.modules.admin.password.password.require_ssl = true
ssl.modules.admin.password.forgot.require_ssl = true
ssl.modules.admin.publicateur.require_ssl = true
ssl.modules.admin.profile.require_ssl = true
最后在你的bootstrap中注册插件
/* other bootstrap config above */
protected function _initPlugin()
{
$front = Zend_Controller_Front::getInstance();
$front->registerPlugin(new Ssl());
}
答案 1 :(得分:0)
我认为,你犯了错误的条件。我试着改写:
#If HTTPS is off and this is not /auth or /client - redirect to https
RewriteCond %{HTTPS} off
RewriteCond $1 !^(auth|client) [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
#If HTTPS is off and this is /auth or /client - redirect to http
RewriteCond %{HTTPS} on
RewriteCond $1 ^(auth|client) [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L,R=301]