删除index.php并强制使用HTTP/HTTPS 我读过很多关于人们试图对某些视图强制使用HTTPS并为其他视图返回HTTP的帖子。我也为此苦苦挣扎了一段时间,但我认为这个解决方案非常可靠。第一个
删除index.php并强制使用HTTP/HTTPS
我读过很多关于人们试图对某些视图强制使用 HTTPS 而对其他视图返回 HTTP 的帖子。我也为此苦苦挣扎了一段时间,但我认为这个解决方案非常可靠。
首先,让你的 base_url 在 http 和 https 之间自动调整让一切变得更加容易。这样您的所有 base_url() 和 site_url() 调用都具有正确的协议。
<code><span><span>$config[</span><span>'base_url'</span><span>] </span><span>= </span><span>"http"</span><span>.((isset(</span><span>$_SERVER[</span><span>'HTTPS'</span><span>]</span><span>) && </span><span>$_SERVER[</span><span>'HTTPS'</span><span>] </span><span>== </span><span>"on"</span><span>) ? </span><span>"s" </span><span>: </span><span>""</span><span>).</span><span>"://"</span><span>.</span><span>$_SERVER[</span><span>'HTTP_HOST'</span><span>]</span><span>.</span><span>str_replace</span><span>(</span><span>basename</span><span>(</span><span>$_SERVER[</span><span>'SCRIPT_NAME'</span><span>]</span><span>),</span><span>""</span><span>,</span><span>$_SERVER[</span><span>'SCRIPT_NAME'</span><span>]</span><span>); </span></span>
<span><span><</span><span>IfModule mod_rewrite</span><span>.</span><span>c</span><span>><br>
</span><span>RewriteEngine on<br>
Options </span><span>+</span><span>FollowSymLinks<br>
RewriteBase </span><span>/<br>
<br>
</span><span>RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>f<br>
RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>d<br>
RewriteRule </span><span>^(.*)$ </span><span>index</span><span>.</span><span>php</span><span>/$</span><span>1<br>
</span><span></</span><span>IfModule</span><span>><br>
<br>
<</span><span>IfModule </span><span>!</span><span>mod_rewrite</span><span>.</span><span>c</span><span>><br>
</span><span>ErrorDocument 404 </span><span>/</span><span>index</span><span>.</span><span>php<br>
</span><span></</span><span>IfModule</span><span>> </span></span>]
=
"http"<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br>
RewriteCond </span><span>%</span><span>{HTTPS} on </span></span>
<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br>
RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>'HTTPS'
]
) && <span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br>
RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>
</span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>
'HTTPS'
<span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br>
RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>]
==
“开启”) ? “s” : "")。"://"。$_SERVER[ 'HTTP_HOST'].str_replace(基本名称($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']); 从通常的 htaccess 文件开始:
IfModule mod_rewrite.c><br>
RewriteEngine 开启<br>
选项 +FollowSymLinks<br>
RewriteBase /<br>
<br>
RewriteCond %{REQUEST_FILENAME} !-f<br>
RewriteCond %{REQUEST_FILENAME} !-d<br>
RewriteRule ^(.*)$ 索引.php/$1
IfModule><br>
<br>
IfModule !mod_rewrite.c><br>
错误文档 404 /索引.php<br>
</<🎜><🎜>IfModule<🎜><🎜>>
然后您可以使用以下命令检查 HTTPS 是否已打开:
RewriteCond %{HTTPS} 关闭<br>
RewriteCond %{HTTPS},位于
例如,要在所有页面上强制使用 HTTPS,您可以使用以下命令:
RewriteCond %{HTTPS} 关闭<br>
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]
在某些页面上强制使用 HTTPS:
RewriteCond %{HTTPS} 关闭<br>
RewriteCond %{REQUEST_URI} (身份验证|注册|安全)<br>
重写规则 ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [ R=301]
返回 HTTP:
RewriteCond %{HTTPS} 上<br>
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301]
要在所有其他页面上返回 HTTP,您需要为安全页面添加例外:
<span><span>RewriteCond </span><span>%</span><span>{HTTPS} off<br>
RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>
</span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br>
<br>
</span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br>
RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>
</span><span>RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301] </span></span>
为了避免部分加密的页面,您需要为您可能使用的任何其他 URI(例如图像或脚本文件夹)添加例外。我喜欢将所有内容放在名为“static”的文件夹中 (‘static/images’、‘static/js’等)所以我只添加一个例外。
<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>) </span></span>
成品:
<span><span><</span><span>IfModule mod_rewrite</span><span>.</span><span>c</span><span>><br>
</span><span>RewriteEngine on<br>
Options </span><span>+</span><span>FollowSymLinks<br>
RewriteBase </span><span>/<br>
<br>
</span><span>RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>f<br>
RewriteCond </span><span>%</span><span>{REQUEST_FILENAME} </span><span>!-</span><span>d<br>
RewriteRule </span><span>^(.*)$ </span><span>index</span><span>.</span><span>php</span><span>/$</span><span>1<br>
<br>
RewriteCond </span><span>%</span><span>{HTTPS} off<br>
RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>(</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>
</span><span>RewriteRule </span><span>^(.*)$ </span><span>https</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br>
<br>
</span><span>RewriteCond </span><span>%</span><span>{HTTPS} on<br>
RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>
</span><span>RewriteRule </span><span>^(.*)$ </span><span>http</span><span>:</span><span>//%{SERVER_NAME}%{REQUEST_URI} [R=301]<br>
</span><span></</span><span>IfModule</span><span>><br>
<br>
<</span><span>IfModule </span><span>!</span><span>mod_rewrite</span><span>.</span><span>c</span><span>><br>
</span><span>ErrorDocument 404 </span><span>/</span><span>index</span><span>.</span><span>php<br>
</span><span></</span><span>IfModule</span><span>> </span></span>
HTTPS 和 XmlHttpRequest(Ajax)
当您尝试在域之间加载内容时,XHR 调用不仅会引发安全错误,而且还会在 HTTP 和 HTTPS 之间加载内容。其次,apache 传递的标头允许浏览器自动 重定向,但 XmlHttpRequest 对象不重定向。
要解决此问题,您必须为计划从一种协议访问另一种协议的任何 URI 添加例外。
示例:
<code><span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>|</span><span>categories</span><span>/</span><span>get_list</span><span>|</span><span>products</span><span>/</span><span>get_types</span><span>)<br>
<br>
</span><span><?</span><span>=</span><span>site_url</span><span>(</span><span>'categories/get_list'</span><span>);</span><span>?> </span></span>
<span><span>$route[</span><span>'xhr/(:any)'</span><span>] </span><span>= </span><span>''</span><span>; </span></span>!(静态|
$route['xhr/(:any)'] = '$1'; 并将“xhr”添加到您的例外列表中;现在,您可以在应用程序中调用任何 URI,而无需更改协议,同时仍然允许浏览器使用另一个控制器查看该控制器 协议。
<span><span>RewriteCond </span><span>%</span><span>{REQUEST_URI} </span><span>!(static|</span><span>xhr</span><span>|</span><span>auth</span><span>|</span><span>register</span><span>|</span><span>secure</span><span>)<br>
<br>
</span><span><?</span><span>=</span><span>site_url</span><span>(</span><span>'xhr/categories/get_list'</span><span>);</span><span>?> </span></span>
希望这对您有所帮助!
菲尔
