使用mod_rewrite在某些页面上从强制SSL切换回来的问题

时间:2022-12-12 11:21:58

Client wants login pages to load via https. This is easily accomplished, but since the site uses pretty url's, we now stay in https mode when clicking around after login is finished. This breaks secure files which are uploaded in the CMS, stored above webroot, and downloaded by streaming through a php script if user has the appropriate permissions. So, we need to switch back to regular http when we're no longer on a login page. Here's what I have in my .htaccess file:

客户希望通过https加载登录页面。这很容易实现,但由于网站使用漂亮的URL,我们现在在登录完成后点击时保持https模式。如果用户具有适当的权限,这会破坏上传到CMS中的安全文件,存储在webroot上方,并通过php脚本流下载。因此,当我们不再登录页面时,我们需要切换回常规http。这是我在.htaccess文件中的内容:

RewriteEngine On
Options +FollowSymLinks

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(login\.php|members\.php)$ https://www.%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteRule !^(login\.php|members\.php)$ http://%{HTTP_HOST}%{REQUEST_URI}

Everything is working fine except the last line, which is getting confused by the pretty url's and redirecting to view.php (which handles translating pretty url lookup codes to database id's that are used in the querystring) if I use {REQUEST_URI}, and the homepage if I use $1 or the path.

一切都工作正常,除了最后一行,它被迷人的url混淆并重定向到view.php(它处理将漂亮的url查找代码转换为查询字符串中使用的数据库id)如果我使用{REQUEST_URI},主页如果我使用$ 1或路径。

I need to figure out a way to make this rewrite to switch back to http mode bypass the pretty url rewrite, but I don't know how to get the actual address that was typed in rather than what it was rewritten to by Apache.

我需要想办法让这个重写切换回http模式绕过漂亮的url重写,但我不知道如何获取输入的实际地址而不是Apache重写的内容。

Please help and thanks in advance!

请提前帮助和感谢!

1 个解决方案

#1

0  

You could grab the original requested URI path from the request line in THE_REQUEST:

您可以从THE_REQUEST中的请求行获取原始请求的URI路径:

RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteCond %{THE_REQUEST} ^[A-Z]+\ ([^ ]+)
RewriteRule !^(login|members)\.php$ http://%{HTTP_HOST}%1

#1

0  

You could grab the original requested URI path from the request line in THE_REQUEST:

您可以从THE_REQUEST中的请求行获取原始请求的URI路径:

RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteCond %{THE_REQUEST} ^[A-Z]+\ ([^ ]+)
RewriteRule !^(login|members)\.php$ http://%{HTTP_HOST}%1
标签:

相关文章