我想通过HSTS Preload的所有测试。
我目前有2个错误,我需要解决:
首先
`http://example.com` (HTTP) should immediately redirect to
`https://example.com` (HTTPS) before adding the www subdomain.
Right now, the first redirect is to `https://www.example.com/`.
我的htaccess看起来像这样:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]
第二
Response error: No HSTS header is present on the response.
我的htaccess看起来像这样:
<ifModule mod_headers.c>
Header add Strict-Transport-Security "max-age=84600; includeSubDomains"
</IfModule>
我缺少什么,如何通过测试?
我使用这个测试网站; https://hstspreload.appspot.com/
答案 0 :(得分:2)
这是正确的:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</ifModule>
答案 1 :(得分:0)
您可以尝试通过测试。
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L,E=HTTPS:1]
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS