将所有 HTTP 和 HTTPS 请求重定向到单个 HTTPS URL

Posted 2023-02-25

【中文标题】将所有 HTTP 和 HTTPS 请求重定向到单个 HTTPS URL

【英文标题】：Redirect all HTTP and HTTPS request to a single HTTPS URL

【发布时间】：2018-05-05 00:12:28

【问题描述】：

我想，因此用户只能通过此 URL 访问应用程序。 将 HTTP 请求重定向到 HTTPS 可以正常工作，但我正在努力处理第二部分。

到目前为止，我的虚拟主机看起来像这样：

<VirtualHost 10.201.100.81:80>
    ServerName sdvlirp
    ServerAlias sdvlirp.si.intra.net irp-dev
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteRule ^(.*)$ https://irp-dev.intra.net%REQUEST_URI [R=301]
   </IfModule>
</VirtualHost>

<VirtualHost 10.201.100.81:443>
    ServerName irp-dev.intra.net
    ErrorLog "logs/https_irp-dev.intra.net-error_log"
    CustomLog "logs/https_irp-dev.intra.net-access_log" common

    SSLEngine On
    SSLProtocol -ALL +TLSv1.1 +TLSv1.2
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    SSLSessionCacheTimeout 300
    SSLCompression Off
    SSLCertificateFile "/applis/irpdev/certs/irp-dev.intra.net.pem"
    SSLCertificateKeyFile "/applis/irpdev/certs/irp-dev.intra.net.key"
    SSLCACertificateFile "/applis/irpdev/certs/cacerts.pem"
    Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>

    # SSL Protocol Adjustments:
    # The safe and default but still SSL/TLS standard compliant shutdown
    # approach is that mod_ssl sends the close notify alert but doesn't wait for
    # the close notify alert from client. When you need a different shutdown
    # approach you can use one of the following variables:
    # o ssl-unclean-shutdown:
    #   This forces an unclean shutdown when the connection is closed, i.e. no
    #   SSL close notify alert is send or allowed to received. This violates
    #   the SSL/TLS standard but is needed for some brain-dead browsers. Use
    #   this when you receive I/O errors because of the standard approach where
    #   mod_ssl sends the close notify alert.
    # o ssl-accurate-shutdown:
    #   This forces an accurate shutdown when the connection is closed, i.e. a
    #   SSL close notify alert is send and mod_ssl waits for the close notify
    #   alert of the client. This is 100% SSL/TLS standard compliant, but in
    #   practice often causes hanging connections with brain-dead browsers. Use
    #   this only for browsers where you know that their SSL implementation
    #   works correctly.
    # Notice: Most problems of broken clients are also related to the HTTP
    # keep-alive facility, so you usually additionally want to disable
    # keep-alive for those clients, too. Use variable "nokeepalive" for this.
    # Similarly, one has to force some clients to use HTTP/1.0 to workaround
    # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
    # "force-response-1.0" for this.
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    # Per-Server Logging:
    # The home of a custom SSL log file. Use this when you want a
    # compact non-error SSL logfile on a virtual host basis.
    CustomLog "logs/ssl_request_log" "%t %h %SSL_PROTOCOLx %SSL_CIPHERx \"%r\" %b"
</VirtualHost>

你会怎么做？

提前感谢您的帮助。

【参考方案1】：

您的需求不清楚，因为如果您将所有流量重定向到一个 URL，这意味着您无法浏览该网站，而只能浏览该 URL。

您在端口 80 上的 VirtualHost 没问题，但 RewriteRule 不会重定向到一个 URL，而是分别将一个 http URL 重定向到其等效的 https。 端口 443 上的 VirtualHost 没有任何重写块。如果您还想将 https 重定向到 https，这就是您需要添加的内容。