我有像www.example.com网站,我们有几个网页,应该打开与https通过.htaccess和网站的其余部分应打开http。打开几个网站的网站与https和网站的其他部分与http
下页应该是开放的HTTPS
1. www.example.com/site/orders/checkout
2. www.example.com/myaccountarea/checkoutlogin
我没有在.htaccess
RewriteEngine on
#this page has to be on https
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/orders/checkout$ [NC]
RewriteRule ^(.*)$ https//www.example.com/$1 [L,R=301]
#this page has to be on https
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} ^/myaccountarea/checkoutlogin$ [NC]
RewriteRule ^(.*)$ https//www.example.com/$1 [L,R=301]
#all other pages have to be on http
RewriteCond %{SERVER_PORT} ^443$ [OR]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/orders/checkout$ [NC]
RewriteCond %{REQUEST_URI} !^/myaccountarea/checkoutlogin$ [NC]
RewriteRule ^(.*)$ http//www.example.com/$1 [L,R=301]
下面的代码当我试图打开它"https//www.example.com/myaccountarea/checkoutlogin"
重定向我"http//www.example.com/index.php"
。
请建议我如何得到欲望的结果。
完整的.htaccess
SetEnv APPLICATION_ENV development
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} /(orders/checkout|myaccount/checkoutlogin|orders/getshippingadds/shippingId|orders/getbillingadds/billingId|search/userstats)[\s/?] [NC]
RewriteRule^https//%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
these page has to be on http
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} !/(orders/checkout|myaccount/checkoutlogin|orders/getshippingadds/shippingId|orders/getbillingadds/billingId|search/userstats)[\s/?] [NC]
RewriteRule^http//%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Now, rewrite any request to the wrong domain to use www.
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http//www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
<FilesMatch "\.(ico|pdf|jpg|jpeg|png|gif|html|htm|xml|txt|xsl)$">
Header set Cache-Control "max-age=31536050"
</FilesMatch>
# BEGINNING of DEFLATE instructions
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>
感谢 Simarjeet
你可能并不真的想这样做。从为用户分配与任何敏感流程(如电子商务结算)关联的会话cookie开始,所有未来请求都应通过HTTPS进行。仅仅保护有问题的表格是不够的;会话cookie也是敏感信息。 – 2014-12-06 15:52:39