how in htaccess can i redirect the user to https from http and back again

2018-06-10 13:22:12

I'm trying to get a login page to redirect to https and all other pages revert to standard http. When I have /login as the address, it shows up as /index.php?page=login and isn't displayed on a secure page.

The htaccess code in question is below :

RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} ^/login$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]

RewriteCond %{REQUEST_URI} !^/login$
RewriteCond %{SERVER_PORT} 443 
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]

RewriteRule ^([a-zA-Z0-9_-()]+)[/]?$ /index.php?page=$1

It's probably better to do this at the application level, that is, send the "login" link as an HTTPS link directly.

The problem with redirects from HTTP to HTTPS is that the client first makes the request over plain HTTP. In the case where it's only going to the HTTPS initial page, it's not necessarily a problem, but if you send the credentials in an HTTP request that's transparently redirected to an HTTPS page, they'll have been leaked anyway.

链接地址: http://www.djcxy.com/p/31170.html

上一篇: 如果调用者未使用HTTPS，如何防止访问PHP文件？

下一篇: 如何在htaccess中，我可以将用户重定向到http，然后再从http返回