如何使用 .htaccess 在除一个目录 /images 之外的所有 URL 上强制使用 HTTPS?
How to force HTTPS on all URL's except one directory /images using .htaccess?
我正在使用 WordPress,我们有一个不是 WordPress 目录 /images 的目录,我们需要这个目录是 HTTP,只有其他所有内容都应该强制为 HTTPS。
在 WordPress 设置中,我们将域设置为 HTTP
在 .htaccess 文件中我们有以下内容。
我似乎无法让它工作。如果对任何人有帮助,我们的主人就是云
# This file was updated by Duplicator on 2018-09-10 16:52:27. See .htaccess.orig for the original .htaccess file.
# Please note that other plugins and resources write to this file. If the time-stamp above is different
# than the current time-stamp on the file system then another resource has updated this file.
# Duplicator only writes to this file once during the install process while running the installer.php file.
#RewriteEngine On
#RewriteCond %{HTTP:X-Forwarded-SSL} !on
#RewriteCond %{REQUEST_URI} ^\/(images)
#RewriteRule (.*) https://%{HTTP_HOST}/ [L,R=301]
#RewriteCond %{HTTP:X-Forwarded-SSL} =on
#RewriteCond %{REQUEST_URI} !^\/(images)
#RewriteRule (.*) http://%{HTTP_HOST}/ [L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# MalCare WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END MalCare WAF
In the wordpress settings we have the domain set to http
如果您想在除“WordPress 之外”的一个目录之外的所有地方强制使用 HTTPS,则 WP 仪表板中的“WordPress 地址”和“站点地址”都应设置为 HTTPS,而不是 HTTP .
#RewriteCond %{HTTP:X-Forwarded-SSL} !on
#RewriteCond %{REQUEST_URI} ^\/(images)
#RewriteRule (.*) https://%{HTTP_HOST}/ [L,R=301]
#RewriteCond %{HTTP:X-Forwarded-SSL} =on
#RewriteCond %{REQUEST_URI} !^\/(images)
#RewriteRule (.*) http://%{HTTP_HOST}/ [L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
在根 .htaccess 文件中,您可以重定向到 HTTPS 任何地方 ,但如果 /images/ 目录(第一个应保留为请求 HTTP)。
例如:
# Prevent further processing if the "/images" directory is requested
RewriteRule ^images($|/) - [L]
# Redirect everything else to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
:
不需要重复 RewriteEngine On 指令,因为这已经出现在文件的后面(在 WP 部分)。
确保在测试前清除浏览器缓存并使用 302(临时)重定向进行测试以避免缓存问题。
这假定 SSL 证书已安装在您的应用程序服务器上,并且您没有使用可能正在管理 SSL 连接的 proxy/CDN/load 平衡器。
更新: 由于上述仍然导致重定向循环,因此您可能在某种代理服务器后面(CloudWays - 您的网络主机 - 或者 Cloudflare)即管理 SSL 连接。对于第二条规则(从 HTTP 到 HTTPS 的重定向),尝试以下代替:
# Redirect everything else to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
我正在使用 WordPress,我们有一个不是 WordPress 目录 /images 的目录,我们需要这个目录是 HTTP,只有其他所有内容都应该强制为 HTTPS。
在 WordPress 设置中,我们将域设置为 HTTP
在 .htaccess 文件中我们有以下内容。
我似乎无法让它工作。如果对任何人有帮助,我们的主人就是云
# This file was updated by Duplicator on 2018-09-10 16:52:27. See .htaccess.orig for the original .htaccess file.
# Please note that other plugins and resources write to this file. If the time-stamp above is different
# than the current time-stamp on the file system then another resource has updated this file.
# Duplicator only writes to this file once during the install process while running the installer.php file.
#RewriteEngine On
#RewriteCond %{HTTP:X-Forwarded-SSL} !on
#RewriteCond %{REQUEST_URI} ^\/(images)
#RewriteRule (.*) https://%{HTTP_HOST}/ [L,R=301]
#RewriteCond %{HTTP:X-Forwarded-SSL} =on
#RewriteCond %{REQUEST_URI} !^\/(images)
#RewriteRule (.*) http://%{HTTP_HOST}/ [L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# MalCare WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END MalCare WAF
In the wordpress settings we have the domain set to http
如果您想在除“WordPress 之外”的一个目录之外的所有地方强制使用 HTTPS,则 WP 仪表板中的“WordPress 地址”和“站点地址”都应设置为 HTTPS,而不是 HTTP .
#RewriteCond %{HTTP:X-Forwarded-SSL} !on #RewriteCond %{REQUEST_URI} ^\/(images) #RewriteRule (.*) https://%{HTTP_HOST}/ [L,R=301] #RewriteCond %{HTTP:X-Forwarded-SSL} =on #RewriteCond %{REQUEST_URI} !^\/(images) #RewriteRule (.*) http://%{HTTP_HOST}/ [L,R=301] RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
在根 .htaccess 文件中,您可以重定向到 HTTPS 任何地方 ,但如果 /images/ 目录(第一个应保留为请求 HTTP)。
例如:
# Prevent further processing if the "/images" directory is requested
RewriteRule ^images($|/) - [L]
# Redirect everything else to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
:
不需要重复 RewriteEngine On 指令,因为这已经出现在文件的后面(在 WP 部分)。
确保在测试前清除浏览器缓存并使用 302(临时)重定向进行测试以避免缓存问题。
这假定 SSL 证书已安装在您的应用程序服务器上,并且您没有使用可能正在管理 SSL 连接的 proxy/CDN/load 平衡器。
更新: 由于上述仍然导致重定向循环,因此您可能在某种代理服务器后面(CloudWays - 您的网络主机 - 或者 Cloudflare)即管理 SSL 连接。对于第二条规则(从 HTTP 到 HTTPS 的重定向),尝试以下代替:
# Redirect everything else to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]