[英]Elastic Beanstalk - PHP / Force HTTPS
How do I redirect all traffic while using Amazon Elastic Beanstalk with PHP from http to https? 如何在使用Amazon Elastic Beanstalk和PHP从http到https时重定向所有流量? I have setup my Beanstalk to have a https port (all the certificate and stuff has been setup).
我已经设置了我的Beanstalk以获得https端口(所有证书和内容都已设置)。
Beanstalk sets up their load balancer to send X-Forwarded-Proto
headers to your instance(s). Beanstalk设置其负载均衡器,以将
X-Forwarded-Proto
标头发送到您的实例。
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https') {
// redirect to secure site
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
Though, some will swear by not enabling HTTP at all, due to SSL stripping techniques used in MiTM attacks. 但是,由于MiTM攻击中使用的SSL剥离技术,有些人会因为根本不启用HTTP而发誓。
Having said that, you can mitigate SSL stripping by using HSTS . 话虽如此,您可以通过使用HSTS来缓解SSL剥离。
如果您有单实例弹性beanstalk环境,请尝试以下解决方案: AWS Elasticbeanstalk单实例强制SSL重定向循环
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.