htaccess剥离www并强制SSL
我拥有一个精心设计的.htaccess文件:
I have what I believe to be a rather well crafted .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L,NE]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
这对我说将www.剥离到URL并强制使用https".除了碰巧输入 https://www.somedomain.com/的人之外,它都可以正常工作.向这些人显示警告,表明站点证书有问题.在这种情况下,似乎www不会被剥夺.
This says to me "strip the www. off the url and force https." And it works fine except for those people who happen to type in https://www.somedomain.com/. Those people are presented with a warning that there is a problem with the site certificate. It seems that the www is not getting stripped in this particular case.
您实际上可以将两个规则组合为一个:
You can actually combine both rules into one:
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=302,L,NE]
然后确保清除浏览器缓存以进行测试.
Then make sure to clear your browser cache to test this.
不过,请记住,在调用mod_rewrite之前,Web服务器和浏览器之间的证书协商已经发生.
However just remember that certificate negotiation between web server and browser happens before mod_rewrite is invoked.