htaccessredirect到https:// www

我有以下的htaccess代码:

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond !{HTTPS} off RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule> 

我希望我的网站被redirect到https://www. 与HTTPS,并执行www. 子域,但是当我访问http://www. (没有HTTPS),它不会将我redirect到使用HTTPS的https://www

要首先强制执行HTTPS,您必须先检查正确的环境variables%{HTTPS} off ,但是您的规则会预先设置www. 由于您有第二个规则来执行www. ,不要在第一条规则中使用它。

 RewriteCond %{HTTPS} off # First rewrite to HTTPS: # Don't put www. here. If it is already there it will be included, if not # the subsequent rule will catch it. RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Now, rewrite any request to the wrong domain to use www. # [NC] is a case-insensitive match RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

关于代理

当客户端通过HTTPS连接到代理,负载均衡器,乘客应用程序等某些forms的代理时, %{HTTPS}variables可能永远不会on并导致重写循环。 这是因为即使客户端和代理/负载均衡器正在使用HTTPS,您的应用程序实际上仍在接收纯HTTPstream量。 在这些情况下,请检查X-Forwarded-Proto标题而不是%{HTTPS}variables。 这个答案显示了适当的过程

Michals答案为我工作,虽然有一个小的修改:

问题:

当您拥有单个网站安全证书时 ,将尝试访问您的网页而不使用https:// www。 (或者您的证书所涵盖的任何域名)将其收到redirect到安全正确的https页面之前显示一个丑陋的红色警告屏幕。

首先使用redirect到www(或任何您的证书所涵盖的域),然后只做httpsredirect。 这将确保您的用户不会遇到任何错误,因为您的浏览器发现一个不包含当前url的证书。

 #First rewrite any request to the wrong domain to use the correct one (here www.) RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] #Now, rewrite to HTTPS: RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

如果您正在使用CloudFlare或类似的CDN,则会在此处提供的%{HTTPS}解决scheme中收到无限循环错误。 如果你是CloudFlare用户,你需要使用这个:

 RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

那里有很多解决scheme。 这里是一个链接到apache wiki,它直接处理这个问题。

http://wiki.apache.org/httpd/RewriteHTTPToHTTPS

 RewriteEngine On # This will enable the Rewrite capabilities RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] # This rule will redirect users from their original location, to the same location but using HTTPS. # ie http://www.example.com/foo/ to https://www.example.com/foo/ # The leading slash is made optional so that this will work either in httpd.conf # or .htaccess context 

这是我find的最好的方式,而不是代理用户

 RewriteEngine On ### START WWW & HTTPS # ensure www. RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # ensure https RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteCond %{HTTPS} off RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ### END WWW & HTTPS 

糟糕的解决scheme和为什么!

当你使用这个代码时:

 RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule .* https://www.example.com%{REQUEST_URI} [L,R=301] 

浏览器转到:

 http://example.com 

然后redirect到:

 https://example.com 

然后redirect到:

 https://www.example.com 

这对服务器来说太多了


最好的解决scheme和答案:

 RewriteEngine on RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule (.*) https://www.example.com%{REQUEST_URI} [R=301,L] 

此代码有一个[OR]条件,以防止在URL更改!

要将http://https://redirect到https:// www,您可以在所有版本的Apache上使用以下规则:

 RewriteEngine on RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R] 

Apache 2.4

 RewriteEngine on RewriteCond %{REQUEST_SCHEME} http [OR] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,L,R] 

请注意,自%apache 2.4以来,%{REQUEST_SCHEME}variables可用。

如果你在CloudFlare上,确保你使用这样的东西。

 # BEGIN SSL Redirect <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule> # END SSL Redirect 

这将使您免于redirect循环,并将您的网站安全地redirect到SSL。

PS这是一个好主意,如果检查mod_rewrite.c!

设置在你的.htaccess文件中

 RewriteEngine On RewriteCond %{HTTP_HOST} !^www. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L] RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

这将同时适用于https和www

 RewriteCond %{HTTPS} !=on # This checks to make sure the connection is not already HTTPS RewriteRule ^/?(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]