모든 HTTP 및 HTTPS 요청을 단일 HTTPS URL로 리디렉션

Question

사용자는 모든 HTTP 및 HTTPS 요청을 단일 HTTPS URL로 리디렉션하므로 사용자는이 URL을 통해 애플리케이션에만 액세스 할 수 있습니다. HTTP 요청을 HTTPS로 리디렉션 할 수 있지만 두 번째 부분과 어려움을 겪고 있습니다.

지금까지, 내 ​​버추얼 호스트는 다음과 같다 :

<VirtualHost 10.201.100.81:80> 
    ServerName sdvlirp 
    ServerAlias sdvlirp.si.intra.net irp-dev 
    <IfModule rewrite_module> 
     RewriteEngine On 
     RewriteRule ^(.*)$ https://irp-dev.intra.net%{REQUEST_URI} [R=301] 
    </IfModule> 
</VirtualHost> 

<VirtualHost 10.201.100.81:443> 
    ServerName irp-dev.intra.net 
    ErrorLog "logs/https_irp-dev.intra.net-error_log" 
    CustomLog "logs/https_irp-dev.intra.net-access_log" common 

    SSLEngine On 
    SSLProtocol -ALL +TLSv1.1 +TLSv1.2 
    SSLHonorCipherOrder On 
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK 
    SSLSessionCacheTimeout 300 
    SSLCompression Off 
    SSLCertificateFile "/applis/irpdev/certs/irp-dev.intra.net.pem" 
    SSLCertificateKeyFile "/applis/irpdev/certs/irp-dev.intra.net.key" 
    SSLCACertificateFile "/applis/irpdev/certs/cacerts.pem" 
    Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" 

    <Files ~ "\.(cgi|shtml|phtml|php3?)$"> 
     SSLOptions +StdEnvVars 
    </Files> 

    # SSL Protocol Adjustments: 
    # The safe and default but still SSL/TLS standard compliant shutdown 
    # approach is that mod_ssl sends the close notify alert but doesn't wait for 
    # the close notify alert from client. When you need a different shutdown 
    # approach you can use one of the following variables: 
    # o ssl-unclean-shutdown: 
    # This forces an unclean shutdown when the connection is closed, i.e. no 
    # SSL close notify alert is send or allowed to received. This violates 
    # the SSL/TLS standard but is needed for some brain-dead browsers. Use 
    # this when you receive I/O errors because of the standard approach where 
    # mod_ssl sends the close notify alert. 
    # o ssl-accurate-shutdown: 
    # This forces an accurate shutdown when the connection is closed, i.e. a 
    # SSL close notify alert is send and mod_ssl waits for the close notify 
    # alert of the client. This is 100% SSL/TLS standard compliant, but in 
    # practice often causes hanging connections with brain-dead browsers. Use 
    # this only for browsers where you know that their SSL implementation 
    # works correctly. 
    # Notice: Most problems of broken clients are also related to the HTTP 
    # keep-alive facility, so you usually additionally want to disable 
    # keep-alive for those clients, too. Use variable "nokeepalive" for this. 
    # Similarly, one has to force some clients to use HTTP/1.0 to workaround 
    # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 
    # "force-response-1.0" for this. 
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 

    # Per-Server Logging: 
    # The home of a custom SSL log file. Use this when you want a 
    # compact non-error SSL logfile on a virtual host basis. 
    CustomLog "logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 
</VirtualHost> 

당신이 그것을 어떻게 할 것인가?

미리 도움을 주셔서 감사합니다.

Answer 1

모든 트래픽을 단일 URL로 리디렉션하면 웹 사이트를 탐색 할 수 없으며이 URL 만 탐색 할 수 있으므로 필요하지는 않은지 확인하십시오.

포트 80의 VirtualHost는 괜찮지 만 RewriteRule이 하나의 단일 URL로 리디렉션하지 않지만 각각 하나의 http URL을 해당 https에 리디렉션합니다. 포트 443의 VirtualHost에는 다시 쓰기 블록이 없습니다. https를 https로 리디렉션하도록하려는 경우 추가해야 할 사항입니다.