在htaccess中确定设置环境的HTTPS

时间:2021-01-30 16:53:24

I want to redirect the user to the authentication page only if the request is 'https'.

我希望仅在请求为“https”时将用户重定向到验证页面。

Currently I have written the following in my .htaccess file to do the same, but it doesn't work.

目前,我已经在.htaccess文件中编写了以下内容,以完成相同的操作,但它不能工作。

SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Allow from env=IS_HTTPS

Is the regex for determining HTTPS correct? Earlier I had the SetEnvIf statement as follows. This too didn't work.

用于确定HTTPS的regex是否正确?之前我有SetEnvIf声明如下。这也没有工作。

SetEnvIf %{SERVER_PORT} ^80$ IS_NON_SSL

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Allow from env=!IS_NON_SSL

But as per the documentation for SetEnvIf directive (http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html), the SERVER_PORT variable is not available.

但是根据SetEnvIf指令的文档(http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html), SERVER_PORT变量不可用。

2 个解决方案

#1


3  

I don’t think that the value Request_Protocol can be used to determine this – according to the docs page you linked, that contains something like (e.g., "HTTP/0.9", "HTTP/1.1", etc.) – so the protocol itself will always be HTTP; and that makes sense, as HTTPS is not a real “protocol”, but only the common name for HTTP with TLS “wrapped around it”, on the OSI level below it (6).

我不认为可以使用值Request_Protocol来确定这一点——根据您链接的docs页面,它包含类似于(例如“HTTP/0.9”、“HTTP/1.1”等)的内容——因此协议本身将始终是HTTP;这是有意义的,因为HTTPS并不是一个真正的“协议”,只是HTTP的通用名称“包裹在它周围”,在它下面的OSI级别(6)。

I’m not sure about the actual order of request processing (and don’t know where to find it right now off the top of my head) – but maybe you could combine this with mod_rewrite to achieve what you want? A RewriteCond is able to check whether HTTPS is used by checking the variable HTTPS for the value on – and a RewriteRule following that condition could set an environment variable for you using the [E] flag – something like this:

我不确定请求处理的实际顺序(也不知道现在在我的脑海中从哪里找到它)——但是也许您可以将它与mod_rewrite结合以实现您想要的?RewriteCond可以通过检查变量HTTPS是否被使用来检查其值是否为on -然后根据该条件的RewriteRule可以使用[E]标志为您设置一个环境变量—类似如下:

RewriteCond %{HTTPS} ^on$
RewriteRule . - [E=IS_HTTPS]

This will set the environment variable IS_HTTPS with an empty value, but that should be enough to check it with Allow from env=IS_HTTPS.

这将为环境变量IS_HTTPS设置一个空值,但这应该足以检查它与Allow from env=IS_HTTPS。

Mind giving this a try? As I said, I’m not sure if this will work because of processing order – but tryin’ cost nuffin, right?

介意试试这个吗?就像我说的,我不确定这是否会因为加工顺序而起作用——但是尝试一下“成本松饼”,对吧?

#2


0  

You can try:

你可以尝试:

SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Satisfy    any
Order      deny,allow
Deny from  all
Allow from env=IS_HTTPS

#1


3  

I don’t think that the value Request_Protocol can be used to determine this – according to the docs page you linked, that contains something like (e.g., "HTTP/0.9", "HTTP/1.1", etc.) – so the protocol itself will always be HTTP; and that makes sense, as HTTPS is not a real “protocol”, but only the common name for HTTP with TLS “wrapped around it”, on the OSI level below it (6).

我不认为可以使用值Request_Protocol来确定这一点——根据您链接的docs页面,它包含类似于(例如“HTTP/0.9”、“HTTP/1.1”等)的内容——因此协议本身将始终是HTTP;这是有意义的,因为HTTPS并不是一个真正的“协议”,只是HTTP的通用名称“包裹在它周围”,在它下面的OSI级别(6)。

I’m not sure about the actual order of request processing (and don’t know where to find it right now off the top of my head) – but maybe you could combine this with mod_rewrite to achieve what you want? A RewriteCond is able to check whether HTTPS is used by checking the variable HTTPS for the value on – and a RewriteRule following that condition could set an environment variable for you using the [E] flag – something like this:

我不确定请求处理的实际顺序(也不知道现在在我的脑海中从哪里找到它)——但是也许您可以将它与mod_rewrite结合以实现您想要的?RewriteCond可以通过检查变量HTTPS是否被使用来检查其值是否为on -然后根据该条件的RewriteRule可以使用[E]标志为您设置一个环境变量—类似如下:

RewriteCond %{HTTPS} ^on$
RewriteRule . - [E=IS_HTTPS]

This will set the environment variable IS_HTTPS with an empty value, but that should be enough to check it with Allow from env=IS_HTTPS.

这将为环境变量IS_HTTPS设置一个空值,但这应该足以检查它与Allow from env=IS_HTTPS。

Mind giving this a try? As I said, I’m not sure if this will work because of processing order – but tryin’ cost nuffin, right?

介意试试这个吗?就像我说的,我不确定这是否会因为加工顺序而起作用——但是尝试一下“成本松饼”,对吧?

#2


0  

You can try:

你可以尝试:

SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Satisfy    any
Order      deny,allow
Deny from  all
Allow from env=IS_HTTPS