我正在使用以下内容在我的主网站上强制使用HTTPS。
### Force SSL RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 如果你想查看完整的htaccess文件,我已经把它放在下面:
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / ### Blacklist via Referrers RewriteCond %{HTTP_REFERER} removed\.net [NC,OR] RewriteCond %{HTTP_REFERER} removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.net [NC,OR] RewriteCond %{HTTP_REFERER} removed\.sx [NC,OR] RewriteCond %{HTTP_REFERER} removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.com [NC,OR] RewriteCond %{HTTP_REFERER} removed\.org [NC] RewriteRule ^(.*)$ - [F,L] ### Force SSL #RewriteCond %{HTTPS} !=on #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ### Canonicalize codeigniter URLs # If your default controller is something other than # "welcome" you should probably change this RewriteRule ^(welcome(/index)?|index(\.php)?)/?$ / [L,R=301] RewriteRule ^(.*)/index/?$ $1 [L,R=301] # Removes trailing slashes (prevents SEO duplicate content issues) RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.+)/$ $1 [L,R=301] # Enforce NO www RewriteCond %{HTTP_HOST} ^www [NC] RewriteRule ^(.*)$ https://removed.com/$1 [L,R=301] # Removes access to the system folder by users. # Additionally this will allow you to create a System.php controller, # previously this would not have been possible. # 'system' can be replaced if you have renamed your system folder. RewriteCond %{REQUEST_URI} ^system.* RewriteRule ^(.*)$ /index.php/$1 [L] # Checks to see if the user is attempting to access a valid file, # such as an image or css document, if this isn't true it sends the # request to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] </IfModule> <IfModule !mod_rewrite.c> # Without mod_rewrite, route 404's to the front controller ErrorDocument 404 /index.php </IfModule>
我正在努力确定redirect循环是如何发生的。
我没有说清楚,我的Web服务器(Apache)仅在端口80上configuration了一个虚拟主机,负载均衡器获取HTTP和HTTPSstream量。 负载平衡器处理SSL连接。
感谢HBruijn的评论,我明白了为什么我得到了redirect循环。
来自ELB的stream量将始终是HTTP,因为它处理到用户的HTTPSstream量,而到达HTTP服务器,所以我以前的规则将导致循环。
经过一番研究,我发现负载均衡器转发了一些像X-Forwarded-Proto这样的用户头文件。 这可以用来确定客户端是否使用HTTP或HTTPS,如下所示:
### Force HTTPS RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
希望以上内容能帮助别人试图在Amazon Web Services负载平衡器后强制使用HTTPS。
而不是在.htaccess文件中这样做,只需在Apacheconfiguration的非SSL VirtualHost条目中设置SSL redirect :
NameVirtualHost *:80 <VirtualHost *:80> ServerName www.example.com Redirect permanent / https://www.example.com/ </VirtualHost> <VirtualHost _default_:443> ServerName www.example.com DocumentRoot /usr/local/apache2/htdocs SSLEngine On # etc... </VirtualHost>
这是更有效率。
另外:我的宠物peeve,从手册引用.htaccess文件:
如果您有权访问httpd主服务器configuration文件, 则应该完全避免使用.htaccess文件。 使用.htaccess文件会降低您的Apache HTTP服务器速度。 您可以包含在.htaccess文件中的任何指令都可以在主Apacheconfiguration文件的
Directory块中更好地设置,因为它具有相同的效果,性能更好。