I have a website that needs to force HTTPS except when a particular URL begins with a pattern.
我有一个网站需要强制HTTPS,除非特定的URL以模式开头。
The problem is I have a redirection to index.php to load a PHP Controller in my system. When it redirects to index.php rewrite rules are applied again but %{REQUEST_URI} becomes index.php after the redirection and URL that can use http is redirected to https.
问题是我有一个重定向到index.php来加载我的系统中的PHP控制器。当它重定向到index.php时,重写规则再次应用,但%{REQUEST_URI}在重定向后变为index.php,可以使用http的URL重定向到https。
Is there a way around that ? Maybe not reading the rules again after internal redirection or keeping REQUEST_URI the same.
有办法吗?在内部重定向或保持REQUEST_URI相同之后,可能不会再次读取规则。
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/ok_with_http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [QSA,L]
1 个解决方案
#1
%{THE_REQUEST} could be used instead of %{REQUEST_URI} to test the original request even after internal redirect to index.php.
即使在内部重定向到index.php之后,也可以使用%{THE_REQUEST}代替%{REQUEST_URI}来测试原始请求。
According to the manual:
根据手册:
THE_REQUEST
The full HTTP request line sent by the browser to the server (e.g.,
GET /index.html HTTP/1.1). This does not include any additional headers sent by the browser. This value has not been unescaped (decoded), unlike most other variables below.浏览器向服务器发送的完整HTTP请求行(例如,GET /index.html HTTP / 1.1)。这不包括浏览器发送的任何其他标头。与以下大多数其他变量不同,此值尚未转义(解码)。
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !^[A-Z]+\ /ok_with_http(/\S*)?\s
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [QSA,L]
See answer that I used as a reference.
请参阅我用作参考的答案。
#1
%{THE_REQUEST} could be used instead of %{REQUEST_URI} to test the original request even after internal redirect to index.php.
即使在内部重定向到index.php之后,也可以使用%{THE_REQUEST}代替%{REQUEST_URI}来测试原始请求。
According to the manual:
根据手册:
THE_REQUEST
The full HTTP request line sent by the browser to the server (e.g.,
GET /index.html HTTP/1.1). This does not include any additional headers sent by the browser. This value has not been unescaped (decoded), unlike most other variables below.浏览器向服务器发送的完整HTTP请求行(例如,GET /index.html HTTP / 1.1)。这不包括浏览器发送的任何其他标头。与以下大多数其他变量不同,此值尚未转义(解码)。
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !^[A-Z]+\ /ok_with_http(/\S*)?\s
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [QSA,L]
See answer that I used as a reference.
请参阅我用作参考的答案。