0

我想通过 HSTS Preload 的所有测试。

我目前有 2 个错误,我需要解决:

第一的:

`http://example.com` (HTTP) should immediately redirect to
`https://example.com` (HTTPS) before adding the www subdomain. 
Right now, the first redirect is to `https://www.example.com/`.

我的 htaccess 看起来像这样:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/ [R=302,L]

第二:

Response error: No HSTS header is present on the response.

我的 htaccess 看起来像这样:

<ifModule mod_headers.c>
    Header add Strict-Transport-Security "max-age=84600; includeSubDomains"
</IfModule>

我缺少什么以及如何通过测试?

我使用这个测试站点;https://hstspreload.appspot.com/

4

2 回答 2

2

这是正确的:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"   
</ifModule>
于 2016-08-20T15:28:22.767 回答
0

你可以试试这个以通过测试。

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L,E=HTTPS:1]
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
于 2019-05-09T16:52:04.337 回答