duanan1228 2014-07-08 21:58
浏览 31
已采纳

禁止来自.htaccess文件的HTTPS流量

I've got a client site hosted on PagodaBox (Laravel 4) and it is serving https request with a certificate warning. The client's internal applications expect any https traffic to fail on the web host and follow through to their internal gateway.

Is it possible to disallow all HTTPS request from within an htaccess file? Redirecting will not work in this case. We cannot modify the httpd.conf so it looks like .htaccess is the only option.

So far, I've tried this and the site will still accept HTTPS request:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
  • 写回答

2条回答 默认 最新

  • donglou1866 2014-07-08 22:05
    关注

    This will never work. The SSL connection has to be established FIRST, before the HTTP layer is ever processed. That means your users will STILL get a certificate warning, and then get redirected.

    In real world terms, you've got a box giftwrapped with razor wire. They have to get through the razor wire (your cert warnings) so they can see that box contains a note saying "present is under bed".

    Your rewrite is basically saying "If https is off, then do nothing". You have no RewriteRule, which is where the actual rewriting occurs. And since on an SSL-enabled site HTTPS would never be off, the RewriteCond would never match to start with.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 在若依框架下实现人脸识别
  • ¥15 网络科学导论,网络控制
  • ¥100 安卓tv程序连接SQLSERVER2008问题
  • ¥15 利用Sentinel-2和Landsat8做一个水库的长时序NDVI的对比,为什么Snetinel-2计算的结果最小值特别小,而Lansat8就很平均
  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同