堆栈内存溢出
  简体   繁体   English

从HTTP重定向到Apache中的HTTP

[英]Redirect from HTTPs to HTTP in Apache

 原文  2015-09-13 22:41:08       apache/ redirect/ ssl

问题描述

I got several sites running under the same IP with name-based virtual host support activated: 我启用了基于名称的虚拟主机支持,并在同一IP下运行了多个站点:

  • myexamplesite0.com <-- HTTP myexamplesite0.com <-HTTP
  • myexamplesite1.com <-- HTTPs myexamplesite1.com <-HTTP
  • myexamplesite2.com <-- HTTP myexamplesite2.com <-HTTP

In my apache config ( /etc/apache2/sites-available/default-ssl ) I have a rewrite rule to redirect requests from HTTPs to HTTP. 在我的apache配置( / etc / apache2 / sites-available / default-ssl )中,我有一个重写规则,可以将请求从HTTP重定向到HTTP。 

<VirtualHost *:443>
    <IfModule mod_rewrite.c>
        RewriteEngine On

        # Redirect to HTTP
        RewriteCond %{HTTPS} on
        RewriteCond %{HTTP_HOST} !^(www\.)?myexamplesite1\.com [NC]
        RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    </IfModule>
    [...]

As you see, everything exept for myexamplesite1.com gets redirected to a HTTP-version. 如您所见,myexamplesite1.com以外的所有内容都重定向到HTTP版本。

Now, the problem is, that if I type https://myexamplesite2.com , the browser first asks for the confirmation of the snake-oil certificate (ie the requrest lands in default-ssl). 现在的问题是,如果我输入https://myexamplesite2.com ,浏览器将首先要求确认蛇油证书(即,requrest落在default-ssl中)。 Once the certificate is accepted, the redirection to the HTTP version takes place. 一旦证书被接受,就会重定向到HTTP版本。 I just don't get why. 我就是不明白为什么。

I want the redirection first resp. 我要先重定向。 without the certificate issue. 没有证书的问题。 Is that possible? 那可能吗? What am I missing? 我想念什么?

I would accept to show a non-existent HTTPs-site as well, if this is necessary. 如果需要的话,我也愿意显示一个不存在的HTTPs站点。

1 个解决方案

解决方案1
 1 已采纳  2015-09-13 22:53:06

If I understand you correctly you want to redirect the client to HTTP site before the browser shows the "Bad certificate/No CA" warning. 如果我理解正确,则您想在浏览器显示“错误证书/没有CA”警告之前将客户端重定向到HTTP站点。

But their is a problem... SSL/TLS is lower down in the network stack than HTTP. 但这是一个问题... SSL / TLS在网络堆栈中的位置比HTTP低。 After you have a secure socket only then the HTTP protocol is kicked in. 只有拥有安全套接字后,HTTP协议才会启动。

So no. 所以不行。 you cannot do that, otherwise HTTPS will be totally broken to MITM attacks... 您将无法做到这一点,否则HTTPS将完全遭到MITM攻击...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Apache从http重定向到https - Apache redirect from http to https apache http:重定向到https: - apache http: redirect to https: 在Apache中将HTTPS重定向到HTTP - Redirect HTTPS to HTTP in Apache Apache Https到Http Redirect - Apache Https to Http Redirect 使用Apache将内部IP从HTTP重定向到HTTPS - redirect an internal IP from HTTP to HTTPS with Apache 从Apache VirtualHost永久地将HTTPS重定向到HTTP - Redirect HTTPS to HTTP permanently, from Apache VirtualHost apache 将重定向从 http 重定向到 https - apache redirecting a redirect from http to https 重定向不在Apache中工作,HTTP在HTTPS中工作 - Redirect not working in Apache, HTTP to HTTPS Apache for HTTP + https:不需要的重定向 - Apache for http + https: Unwanted redirect 如何在 Apache 上将 HTTP 重定向到 HTTPS? - How to Redirect HTTP to HTTPS on Apache?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM