使用的.htaccess将HTTP重定向到https时,会出现一些奇怪的网址401错误重定向、奇怪、错误、网址
确定,这里是unsuccessfull试图寻找一个答案,为什么会出现401错误的第7天...
OK, here is the 7th day of unsuccessfull attempt to find an answer why 401 error appears...
现在, htaccess的根文件夹中包含的只有3串(被简化),并有项目没有更多的.htaccess文件:
Now, .htaccess in the root folder contains the only 3 strings (was simplified) and there are NO more .htaccess files in the project:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
所以,它重定向为HTTPS所有请求。它工作正常的任何网址,即使/管理目录。
So, it redirects all requests to be https. It works fine for any urls, even for /administration directory.
因此,
http://mydomain.com
变为
https://mydomain.com
如果 https://mydomain.com 输入了,没有重定向。
If https://mydomain.com was entered, there are no redirections.
http://mydomain.com/administration/index.php
变为
https://mydomain.com/administration/index.php
如果 https://mydomain.com/administration/index.php 输入了,没有重定向。
If https://mydomain.com/administration/index.php was entered, there are no redirections.
这是明确的,这个问题在下面。
That's clear, and the problem is below.
我想/管理目录进行密码保护。我的共享主机控制面板可保护目录没有的.htaccess和htpasswd的手工制作(您选择保护,创建用户名和密码,和.htaccess目录和htpasswd的是自动创建的)。因此,出现的.htaccess在/管理文件夹。 htpasswd的出现在其他地方,以htpasswd的路径是正确的,一切看起来是正确的(它的工作原理相同的方式手动创建它)。因此,有项目2 .htaccess文件,一个在根目录中,一个在/管理目录(在目录中的.htaccess与htpasswd的知道它在哪里)。
I want /administration directory to be password protected. My Shared Hosting Control Panel allows to protect directories without manual creating of .htaccess and .htpasswd (you choose a directory to protect, create username and password, and .htaccess and .htpasswd are created automatically). So, .htaccess appears in the /administration folder. .htpasswd appears somewhere else, the path to .htpasswd is correct, and everything looks correct (it works the same way as to create it manually). So, there are 2 .htaccess files in the project, one in the root directory and one in the /administration directory (with .htpasswd at the directory .htaccess knows where it is).
在被创建的密码, 结果是:
Once the password is created, the results are:
您输入:
https://mydomain.com/administration/index.php
然后,它会要求输入密码。
如果你输入正确,
https://mydomain.com/administration/index.php 显示。
结果:完美的作品
Then it asks to enter a password.
If you enter it correctly,
https://mydomain.com/administration/index.php is displayed.
The result: works perfect.
但是,如果你输入
http://mydomain.com/administration/index.php (是的,HTTP,没有S)
然后,代替重定向到相同的,但HTTPS页面,
它重定向到
But, if you enter
http://mydomain.com/administration/index.php (yes, http, without S)
then instead of redirecting to the same,but https page,
it redirects to
https://mydomain.com/401.shtml (starts with httpS)
由不明原因,甚至不要求输入密码。 为什么?
我已经联系了一个客户支持对于这个问题,他们肯定问题出在.htaccess文件,他们不解决.htaccess文件(这是明确的,他们不这样做,我不介意)。
I've contacted a customer support regarding this question and they are sure the problem is in .htaccess file, and they do not fix .htaccess files (that's clear, they do not, I don't mind).
为什么会出现这种情况? 难道我忘了把一些标志,或一些选项来更改.htaccess文件默认设置?
Why does this happen? Did I forget to put some flags, or some options to change default settings in the .htaccess file?
PSCreating的.htaccess和手动htpasswd的(而不是从主机控制面板)的文件夹/管理导致相同的401错误的情况下,如果没有HTTPS,但是HTTP输入。
P.S.Creating .htaccess and .htpasswd manually (not from hosting Control Panel) for the folder /administration causes the same 401 error in case if not https, but http was entered.
和出现的问题,网址/管理目录而已。
And the problem appears with URLs to /administration directory only.
感谢你。
推荐答案
尝试而不是使用此。不是L和R标志
Try using this instead. Not the L and R flag.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
也很清楚你的浏览器缓存首先,删除旧的不正确的重定向。
Also clear your browsers cache first, to remove the old incorrect redirect.
如果不行尝试使用此。
RewriteCond %{HTTPS} !on
RewriteCond %{THE_REQUEST} ^(GET|HEAD) ([^ ]+)
RewriteRule ^ https://%{HTTP_HOST}%2 [L,R=301]
我觉得有点不好写它,因为它似乎有点hackish的在我看来。
I feel a bit bad about writing it, as it seems kind of hackish in my view.
修改 似乎是第二选择固定的问题。因此,这里是解释为什么它的工作原理。
EDIT Seems the 2nd option fixed the problem. So here is the explanation as to why it works.
认证模块重写模块之前执行。由于用户名和密码是不是在第一次请求页面发送的验证模块内部重写的请求URL到401页的URL。在此之后的mod_rewrite来和%{} THE_REQUEST现在包含 401.shtml 代替了原来的URL。因此,所产生的重定向包含401.shtml,而不是你想要的网址。
The authentication module is executed before the rewrite module. Because the username and password is not send when first requesting the page, the authentication module internally 'rewrites' the request url to the 401 page's url. After this mod_rewrite comes and %{THE_REQUEST} now contains 401.shtml instead of the original url. So the resulting redirect contains the 401.shtml, and not the url you want.
在到达原来的(而不是'改写')的网址,您需要从%{} THE_REQUEST提取它。 THE_REQUEST的形式为 [requestmethod] [URL] HTTP [的versionNumber] 。该提取的RewriteCond只是中间部分( [URL] )。
The get to the original (not 'rewritten') url, you need to extract it from %{THE_REQUEST}. THE_REQUEST is in the form [requestmethod] [url] HTTP[versionnumber]. The RewriteCond extracts just the middle part ([url]).
有关完整性我加了 [L,R = 301] 标记的第二个解决方案。
For completeness I added the [L,R=301] flags to the second solution.
