1. 首頁
  2. 問答
  3. 如何使用htaccess重寫保護子域上的SSL?

如何使用htaccess重寫保護子域上的SSL?

2014-09-19 102 views
0 
RewriteEngine On 
RewriteCond %{HTTP_HOST} !^(piwik|www)\.domain\.com$ [NC] 
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

我想在domain.com的根目錄上強制「www」。使用上面的方法,我可以不安全地訪問piwik.domain.com(http://),但不能通過SSL。當我嘗試訪問https://piwik.domain.com時,我被重定向到https://www.domain.com如何使用htaccess重寫保護子域上的SSL?

SSL證書安裝到* .domain.com

編輯:子域配置

  • * .domain.com - >的public_html
  • piwik.domain.com - >的public_html /子/ piwik

編輯:htaccess的的全部內容

suphp_configpath /home/moninsha/public_html 

###Redirect non-www urls to it's exact match www URL 
<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteCond %{HTTP_HOST} !^(piwik|www)\.moninstore\.com$ [NC] 
RewriteRule ^(.*)$ http://www.moninstore.com/$1 [L,R=301] 
</IfModule> 

############################################ 
## uncomment these lines for CGI mode 
## make sure to specify the correct cgi php binary file name 
## it might be /cgi-bin/php-cgi 

# Action php5-cgi /cgi-bin/php5-cgi 
# AddHandler php5-cgi .php 

############################################ 
## GoDaddy specific options 

# Options -MultiViews 

## you might also need to add this line to php.ini 
##  cgi.fix_pathinfo = 1 
## if it still doesn't work, rename php.ini to php5.ini 

############################################ 
## this line is specific for 1and1 hosting 

    #AddType x-mapp-php5 .php 
    #AddHandler x-mapp-php5 .php 

############################################ 
## default index file 

    DirectoryIndex index.php 

<IfModule mod_php5.c> 

############################################ 
## adjust memory limit 

# php_value memory_limit 64M 
    php_value memory_limit 256M 
    php_value max_execution_time 18000 

############################################ 
## disable magic quotes for php request vars 

    php_flag magic_quotes_gpc off 

############################################ 
## disable automatic session start 
## before autoload was initialized 

    php_flag session.auto_start off 

############################################ 
## enable resulting html compression 

    #php_flag zlib.output_compression on 

########################################### 
# disable user agent verification to not break multiple image upload 

    php_flag suhosin.session.cryptua off 

########################################### 
# turn off compatibility with PHP4 when dealing with objects 

    php_flag zend.ze1_compatibility_mode Off 

</IfModule> 

<IfModule mod_security.c> 
########################################### 
# disable POST processing to not break multiple image upload 

    SecFilterEngine Off 
    SecFilterScanPOST Off 
</IfModule> 

<IfModule mod_deflate.c> 

############################################ 
## enable apache served files compression 
## http://developer.yahoo.com/performance/rules.html#gzip 

    # Insert filter on all content 
    SetOutputFilter DEFLATE 
    # Insert filter on selected content types only 
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript 

    # Netscape 4.x has some problems... 
    BrowserMatch ^Mozilla/4 gzip-only-text/html 

    # Netscape 4.06-4.08 have some more problems 
    BrowserMatch ^Mozilla/4\.0[678] no-gzip 

    # MSIE masquerades as Netscape, but it is fine 
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 

    # Don't compress images 
    #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary 

    # Make sure proxies don't deliver the wrong content 
    Header append Vary User-Agent env=!dont-vary 

</IfModule> 

<IfModule mod_ssl.c> 

############################################ 
## make HTTPS env vars available for CGI mode 

    SSLOptions StdEnvVars 

</IfModule> 

<IfModule mod_rewrite.c> 

############################################ 
## enable rewrites 

    Options +FollowSymLinks 
    RewriteEngine on 
############################################ 
## you can put here your magento root folder 
## path relative to web root 

    #RewriteBase /magento/ 

############################################ 
## uncomment next line to enable light API calls processing 

# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L] 

############################################ 
## rewrite API2 calls to api.php (by now it is REST only) 

    RewriteRule ^api/rest api.php?type=rest [QSA,L] 

############################################ 
## workaround for HTTP authorization 
## in CGI environment 

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 

############################################ 
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks 

    RewriteCond %{REQUEST_METHOD} ^TRAC[EK] 
    RewriteRule .* - [L,R=405] 

############################################ 
## redirect for mobile user agents 

    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$ 
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC] 
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302] 

############################################ 
## always send 404 on missing files in these folders 

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/ 

############################################ 
## never rewrite for existing files, directories and links 

    RewriteCond %{REQUEST_FILENAME} !-f 
    RewriteCond %{REQUEST_FILENAME} !-d 
    RewriteCond %{REQUEST_FILENAME} !-l 

############################################ 
## rewrite everything else to index.php 

    RewriteRule .* index.php [L] 

</IfModule> 


############################################ 
## Prevent character encoding issues from server overrides 
## If you still have problems, use the second line instead 

    AddDefaultCharset Off 
    #AddDefaultCharset UTF-8 

<IfModule mod_expires.c> 

############################################ 
## Add default Expires header 
## http://developer.yahoo.com/performance/rules.html#expires 
    ExpiresActive On 
    ExpiresDefault "modification plus 2 weeks" 
</IfModule> 

############################################ 
## By default allow all access 

    Order allow,deny 
    Allow from all 

########################################### 
## Deny access to release notes to prevent disclosure of the installed Magento version 

    <Files RELEASE_NOTES.txt> 
     order allow,deny 
     deny from all 
    </Files> 

############################################ 
## If running in cluster environment, uncomment this 
## http://developer.yahoo.com/performance/rules.html#etags 

    #FileETag none

來源

2014-09-19 TylersSN

+0

顯示你的規則,重定向'http - > https' – anubhava 2014-09-19 19:06:49

+0

@anubhava,我已經添加了我的htaccess文件和子域設置。控制重定向的唯一其他事情是domain.conm上的magento商店中的PHP。不安全的URL設置爲http://www.domain.com和安全的URL設置爲https://www.domain.com – TylersSN 2014-09-19 19:17:01

+0

好的我不知道magento也在那裏。我相信,magento需要一些URL配置,比如'magento preferences'中的https或http。 – anubhava 2014-09-19 19:25:17

回答

1

看起來,默認情況下,HTTPS協議將默認爲一個域。如果你有任何想要映射通配符SSL證書的子域名,你需要使用.htaccess重寫,如下所示:

因爲,對於我來說,domain.com映射到〜/ public_html /並且假設piwik.domain.com被映射到〜/的public_html /子/ piwik /你會使用以下方法:

RewriteEngine On 
RewriteCond %{REQUEST_URI} !^/subdomain/piwik/ 
RewriteCond %{HTTPS} =on 
RewriteCond %{HTTP_HOST} ^piwik.domain.com 
RewriteRule ^(.*)$ /subdomain/piwik/$1 [NC,L,NS]

然後,只需明確本地瀏覽器的緩存。

來源

2014-09-22 14:50:57 TylersSN

相關問題

 相關問題