有什么更好的方法来强制用户拥有 https 而不是使用 www?

【问题标题】:What is better way to force user to have https and not use www?有什么更好的方法来强制用户拥有 https 而不是使用 www?
【发布时间】:2021-09-12 18:01:50
【问题描述】:

我希望任何用户的 URL 为 https://sample.com

条件:

用户需要在https://sample.com

以下代码正在运行,但似乎有更好的方法来改进这些。

## code from www to non-www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

## code from http to https
RewriteEngine On 
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{HTTP_HOST} ^sample\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.sample\.com$
RewriteRule ^/?$ "https\:\/\/sample\.com\/" [R=301,L]

更新:

# Cache Control Settings
<FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
<FilesMatch ".(xml|txt)$">
Header set Cache-Control "max-age=31536000, public, must-revalidate"
</FilesMatch>
<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=31536000, must-revalidate"
</FilesMatch>

Options -Indexes
DirectoryIndex index.php
DefaultLanguage en-US
AddDefaultCharset UTF-8
ServerSignature off
SetEnv TZ Asia/Hong_Kong
SetEnv SERVER_ADMIN hello@sample.com

<files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</files>

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|ttf|otf|eot|woff)$">
Header set Cache-Control "max-age=2419200"
</FilesMatch>
<FilesMatch "\.(js|css|pdf|swf)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
<FilesMatch "\.(html|htm|txt)$">
Header set Cache-Control "max-age=600"
</FilesMatch>
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

RedirectMatch 404 ^/templates/.+\.(html|php)
RedirectMatch 404 ^/space/.+\.(html|php)

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sample.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?linkedin.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

RewriteCond %{HTTP_USER_AGENT} ^.*(Alexibot|Art-Online|asterias|BackDoorbot|Black.Hole|BlackWidow|BlowFish|botALot|BuiltbotTough|Bullseye|BunnySlippers|Cegbfeieh|Cheesebot|CherryPicker|ChinaClaw|CopyRightCheck|cosmos|Crescent|Custo|DISCo|DittoSpyder|DownloadsDemon|eCatch|EirGrabber|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|ExpresssWebPictures|ExtractorPro|EyeNetIE|FlashGet|Foobot|FrontPage|GetRight|GetWeb!|Go-Ahead-Got-It|Go!Zilla|GrabNet|Grafula|Harvest|hloader|HMView|httplib|HTTrack|humanlinks|ImagesStripper|ImagesSucker|IndysLibrary|InfonaviRobot|InterGET|InternetsNinja|Jennybot|JetCar|JOCsWebsSpider|Kenjin.Spider|Keyword.Density|larbin|LeechFTP|Lexibot|libWeb/clsHTTP|LinkextractorPro|LinkScan/8.1a.Unix|LinkWalker|lwp-trivial|MasssDownloader|Mata.Hari|Microsoft.URL|MIDownstool|MIIxpc|Mister.PiX|MistersPiX|moget|Mozilla/3.Mozilla/2.01|Mozilla.*NEWT|Navroad|NearSite|NetAnts|NetMechanic|NetSpider|NetsVampire|NetZIP|NICErsPRO|NPbot|Octopus|Offline.Explorer|OfflinesExplorer|OfflinesNavigator|Openfind|Pagerabber|PapasFoto|pavuk|pcBrowser|ProgramsSharewares1|ProPowerbot/2.14|ProWebWalker|ProWebWalker|psbot/0.1|QueryN.Metasearch|ReGet|RepoMonkey|RMA|SiteSnagger|SlySearch|SmartDownload|Spankbot|spanner|Superbot|SuperHTTP|Surfbot|suzuran|Szukacz/1.4|tAkeOut|Teleport|TeleportsPro|Telesoft|The.Intraformant|TheNomad|TightTwatbot|Titan|toCrawl/UrlDispatcher|toCrawl/UrlDispatcher|True_Robot|turingos|Turnitinbot/1.5|URLy.Warning|VCI|VoidEYE|WebAuto|WebBandit|WebCopier|WebEMailExtrac.*|WebEnhancer|WebFetch|WebGosIS|Web.Image.Collector|WebsImagesCollector|WebLeacher|WebmasterWorldForumbot|WebReaper|WebSauger|WebsiteseXtractor|Website.Quester|WebsitesQuester|Webster.Pro|WebStripper|WebsSucker|WebWhacker|WebZip|Wget|Widow|[Ww]eb[Bb]andit|WWW-Collector-E|WWWOFFLE|XaldonsWebSpider|Xenu's|Zeus|craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures|archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|feedfinder|flicky|g00g1e|heritrix|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune).*$ [NC]
RewriteRule . - [F,L]

## DENY REQUEST BASED ON REQUEST METHOD
RewriteCond %{REQUEST_METHOD} ^(CONNECT|DEBUG|DELETE|MOVE|PUT|TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F]

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 10 days"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType text/plain "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 week"
    ExpiresByType application/x-icon "access plus 1 year"
</IfModule>
<IfModule mod_rewrite.c>
    RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule .* index.php [F,L]
</IfModule>

# Custom error page for error 403, 404 and 500
#ErrorDocument 404 /404_NOT_FOUND
ErrorDocument 404 /error.html
ErrorDocument 500 /error.html

php_value post_max_size 20M

【问题讨论】:

    标签: .htaccess url redirect url-rewriting


    【解决方案1】:

    根据您显示的尝试,样品请尝试以下规则。确保将这些规则放在您的 htaccess 文件的顶部。

    确保在测试您的 URL 之前清除您的浏览器缓存。

    RewriteEngine ON
##NO https with/without www --> https.
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R=301,L]

##With/without https with www --> NO www with https.
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [NE,R=301,L]

#####All rest of your Rules coming here......

    【讨论】:

    • 我厌倦了你的代码,但是当我尝试访问像 sample.com/about-us 这样的其他页面时,我得到 404 Not Found
    • @Bry,您能否确认一下您是否已将这些规则放在您的 htaccess 文件的顶部?
    • 是的,我确认将您的代码复制到我的 htaccess 的最顶部。
    • @Bry,我想请您在您的问题中添加完整的 htaccess 文件以使其更清楚。
    • 更新了我的问题。您可以查看我的完整 htaccess 代码。请忽略第一行代码,因为它来自 Anubhava
    【解决方案2】:

    您可以使用单个规则来删除 http -&gt; httpswww

    ## code from http to https and www removal
RewriteEngine On

RewriteCond %{HTTP_HOST} ^(?:www\.)?sample\.com$ [NC,OR]
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://sample.com/$1 [NE,R=301,L]

    【讨论】:

    • 我厌倦了你的代码,但是当我尝试访问像 sample.com/about-us 这样的其他页面时,我得到 404 Not Found @anubhava
    • 是的重定向是正确的,但我不知道为什么我得到 404 页面...
    • 更新了我的问题。您可以查看我的完整 htaccess 代码。
    • 是的,我删除了您的代码,我的网站运行良好。但条件不满足(例如www)
    • 我认为我的网站在我的服务器主机中启用了 https,所以我认为它总是会重定向到 https ...在 htaccess 中有或没有 https 的力量
    【解决方案3】: 
    # remove first www
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# change to https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{HTTP_HOST} ^sample\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.sample\.com$
RewriteRule ^/?$ "https\:\/\/sample\.com\/" [R=301,L]

    【讨论】:

      猜你喜欢
      • 2017-06-06
      • 2016-06-02
      • 2014-06-16
      • 1970-01-01
      • 1970-01-01
      • 2016-03-27
      • 1970-01-01
      • 2015-12-25
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode