将所有HTTP和HTTPS请求重定向到单个HTTPS URL

时间:2017-11-21 13:45:23

标签: mod-rewrite url-rewriting centos7 httpd.conf apache2.4

我想将所有HTTP和HTTPS请求重定向到单个HTTPS URL,因此用户只能通过此URL访问应用程序。 将HTTP请求重定向到HTTPS有效,但我正在努力解决第二部分问题。

到目前为止,我的虚拟主机看起来像这样:

<VirtualHost 10.201.100.81:80>
    ServerName sdvlirp
    ServerAlias sdvlirp.si.intra.net irp-dev
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteRule ^(.*)$ https://irp-dev.intra.net%{REQUEST_URI} [R=301]
   </IfModule>
</VirtualHost>

<VirtualHost 10.201.100.81:443>
    ServerName irp-dev.intra.net
    ErrorLog "logs/https_irp-dev.intra.net-error_log"
    CustomLog "logs/https_irp-dev.intra.net-access_log" common

    SSLEngine On
    SSLProtocol -ALL +TLSv1.1 +TLSv1.2
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    SSLSessionCacheTimeout 300
    SSLCompression Off
    SSLCertificateFile "/applis/irpdev/certs/irp-dev.intra.net.pem"
    SSLCertificateKeyFile "/applis/irpdev/certs/irp-dev.intra.net.key"
    SSLCACertificateFile "/applis/irpdev/certs/cacerts.pem"
    Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>

    # SSL Protocol Adjustments:
    # The safe and default but still SSL/TLS standard compliant shutdown
    # approach is that mod_ssl sends the close notify alert but doesn't wait for
    # the close notify alert from client. When you need a different shutdown
    # approach you can use one of the following variables:
    # o ssl-unclean-shutdown:
    #   This forces an unclean shutdown when the connection is closed, i.e. no
    #   SSL close notify alert is send or allowed to received. This violates
    #   the SSL/TLS standard but is needed for some brain-dead browsers. Use
    #   this when you receive I/O errors because of the standard approach where
    #   mod_ssl sends the close notify alert.
    # o ssl-accurate-shutdown:
    #   This forces an accurate shutdown when the connection is closed, i.e. a
    #   SSL close notify alert is send and mod_ssl waits for the close notify
    #   alert of the client. This is 100% SSL/TLS standard compliant, but in
    #   practice often causes hanging connections with brain-dead browsers. Use
    #   this only for browsers where you know that their SSL implementation
    #   works correctly.
    # Notice: Most problems of broken clients are also related to the HTTP
    # keep-alive facility, so you usually additionally want to disable
    # keep-alive for those clients, too. Use variable "nokeepalive" for this.
    # Similarly, one has to force some clients to use HTTP/1.0 to workaround
    # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
    # "force-response-1.0" for this.
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    # Per-Server Logging:
    # The home of a custom SSL log file. Use this when you want a
    # compact non-error SSL logfile on a virtual host basis.
    CustomLog "logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


你会怎么做?

提前感谢您的帮助。

1 个答案:

答案 0 :(得分:0)

您的需求尚不清楚,因为如果您将所有流量重定向到一个网址,这意味着您无法浏览网站,只能浏览此网址。

您在端口80上的VirtualHost是可以的,但RewriteRule没有重定向到一个URL,但它分别将一个http URL重定向到其https等效URL。 端口443上的VirtualHost没有任何重写块。如果您还想要https到https重定向,那么您需要添加。

相关问题
最新问题