我已将以下内容插入到我网站的.htaccess中,以便加入HSTS preload list:
<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</ifModule>
问题在于,当我提交我的网站时,我获得了:
警告:HTTP上不必要的HSTS标头。 HTTP页面在 http://fabriziorocca.it发送HSTS标头。这没有效果 HTTP,应该删除。
目前我在.htaccess中使用以下内容以便从http切换到https:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
我该如何解决这个问题?
提前谢谢。
答案 0 :(得分:1)
尝试:
<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" "expr=%{HTTPS} == on"
</ifModule>
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
答案 1 :(得分:1)
在重定向规则下方添加代码:
public function index(){
$this->layout = "default_layout";
}
答案 2 :(得分:0)
没有...
错误:HTTP首先重定向到www
在添加www子域之前,http://domain.fr(HTTP)应立即重定向到https://domain.fr(HTTPS)。现在,第一次重定向是https://www.domain.fr/。需要额外的重定向以确保任何支持HSTS的浏览器都会记录顶级域的HSTS条目,而不仅仅是子域。
答案 3 :(得分:0)
我在htaccess中添加的内容非常适合我。
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"
env = HTTPS现在不起作用。