有些东西会将我在所有网页上的https流量重定向到http。我在.conf文件或.htaccess中找不到错误。我试图强制https的所有内容都失败了。有些东西压倒了我的努力,并把所有东西都送回了http。 示例:https://www.tjoselfstorage.com/admin
这是.conf文件
<VirtualHost *:80>
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
# staging htpasswd protection
<Directory /var/www/>
SetEnvIfNoCase always_match ^ CARET_ENV=live
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
# staging htpasswd protection
<Directory /var/www/>
SetEnvIfNoCase always_match ^ CARET_ENV=live
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/20f8a253809bd7bd.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.tjoselfstorage.com.key
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
</VirtualHost>
这是我的.htaccess
RewriteEngine on
RewriteCond %{ENV:CARET_ENV} live [NC]
RewriteCond %{HTTP_HOST} !^www.tjoselfstorage.com$ [NC]
RewriteCond %{HTTP_HOST} ((.*).(org|net|com)|(.*).(.*).(org|net|com)|[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}) [NC]
# Remove trailing slashes
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_FILENAME} !__\^.php
RewriteRule ^(.*)/$ /$1 [R=301,L]
# serve thru caret if the file doesn't exist
RewriteCond %{REQUEST_FILENAME} !-f [OR]
# or if the file does exist but isn't a static resource (CSS, images, JS, etc)
RewriteCond %{REQUEST_FILENAME} !resources
# and make sure we're not already directing to caret (handles additional loops through this htaccess file)
RewriteCond %{REQUEST_FILENAME} !__\^.php
RewriteRule (.*) \__\^.php/$0 [L]
答案 0 :(得分:0)
您的PHP应用程序是:
curl -Ik https://www.tjoselfstorage.com/admin
HTTP/1.1 302 Found
Date: Sun, 14 Jan 2018 04:32:08 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Powered-By: PHP/5.3.6-13ubuntu3.6 <---------------!!! here!!!!
Set-Cookie: PHPSESSID=dsaapjf4cml9fdcblbjf9p9550; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status-Code: 301
Location: http://www.tjoselfstorage.com/account/login?redirect=%2Fadmin
Vary: Accept-Encoding
Content-Type: text/html
图片的标题说明:
<Directory />指向您的文件系统中的ROOT /。您不应该在虚拟主机中使用它,而是在服务器配置中使用它并拒绝所有。
你当然想要的是:
<Directory /path/to/documentroot>
如果您是网站的管理员,则不应该使用.htaccess。 .htaccess不是重写库,它是非管理员用户配置特定目录的一种方法,现在你允许整个文件系统中的任何.htaccess被httpd 读取和解释。相当不安全和缓慢。