使用.htaccess和mod_rewrite将'www'前缀到HTTPS URL
[英]Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite
问题描述
I have a dilemma with this one. 
我对此感到困惑。 With the following code I am able to force SSL on any non SSL url, however when the user (and results from Google) take the user to http://mysite.co.za then we hit an issue as the url is then rewritten to https://mysite.co.za 使用以下代码,我可以对任何非SSL URL强制使用SSL,但是当用户(以及Google的结果)将用户带到http://mysite.co.za时,我们遇到了问题,因为该URL随后被重写到https://mysite.co.za
Due to the fact that my certificate is bound to www.mysite.co.za it immediately throws a security error because of the missing 'www' in the url. 由于我的证书已绑定到www.mysite.co.za,因此由于URL中缺少“ www”,它立即引发了安全错误。
Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP? 当域以HTTPS而不是HTTP开头时,有人可以指出一种将www添加到域的方法吗?
Much appreciated. 非常感激。
And the current code to add the https:// is as follows: 并且当前添加https://的代码如下:
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
2 个解决方案
解决方案1
1 已采纳 2010-05-25 11:36:52
Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP?
So you want this: 所以你想要这个:
- If the host does not start with www: 如果主机不以www开头:
- If the connection is secure, do nothing. 如果连接安全,则什么也不做。 In this case you're already screwed anyway, because the user has already seen the host mismatch warning. 在这种情况下,您无论如何都要搞砸了,因为用户已经看到主机不匹配警告。
- If the connect is not secure redirect to https://www.% {HTTP_HOST}%{REQUEST_URI} 如果连接不安全,请重定向到https://www.% {HTTP_HOST}%{REQUEST_URI}
- If the connection is secure, do nothing.
Your current rule: 您当前的规则:
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This rule fails on you because it adds www no matter whether the connection is secure or not. 此规则对您失败,因为无论连接是否安全,它都会添加www。 Additionally, it keeps plain http the way it is (no forward to https://). 此外,它按原样保留纯HTTP(不转发到https://)。
The rule that satisfy your requirements above is 满足您以上要求的规则是
#if the host does not start with www.
RewriteCond %{HTTP_HOST} !^www\.
#and the connection is not secure
RewriteCond %{HTTPS} =""
#forward
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301]
The L flag is unnecessary because a redirect ends the rewriting. L标志是不必要的,因为重定向会终止重写。
解决方案2
0 2010-05-26 07:17:26
This doesn't answer your question, but it's certainly a way around the problem: 这不能回答您的问题,但肯定是解决问题的一种方法:
SSL certificates from Digicert will by default protect both WWW and non-WWW variants of the same domain. 默认情况下,Digicert的SSL证书将保护同一域的WWW和非WWW变体。 I don't know of any other mainstream certificate authority which does this - Digicert SSL Plus 我不知道有其他主流证书颁发机构可以这样做-Digicert SSL Plus
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.