Article Directory
httpd redirection
First, redirection
1.1 format:
Redirect [status] URL-path URL
2.2 Parameters
status status:
- Permanent: Returns the status code 301 permanent redirection
- Temp: returns temporary redirect status code 302. This is the default value
2.3 Example:
When accessing http://www.a.com Jump to https://www.a.com
Environment: Achieving visit the https (see a)
2.3.1 Method One
By way of the virtual host
<virtualhost *:80>
documentroot /data/asite
servername www.a.com
<Directory "/data/asite">
Require all granted
</Directory>
redirect temp / https://www.a.com
</virtualhost>
test:
[root@node1 ~]# curl -I www.a.com
HTTP/1.1 302 Found
Date: Sat, 22 Feb 2020 18:32:57 GMT
Server: Apache
Location: https://www.a.com
Content-Type: text/html; charset=iso-8859-1
[root@node1 ~]# curl -Lk www.a.com
a aa
2.3.2 does not use virtual host mode
conf
DocumentRoot "/var/www/html"
redirect temp / https://www.a.com
Tested and found incorrect report
[root@node1 ~]# curl www.a.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.a.com">here</a>.</p>
</body></html>
[root@node1 ~]# curl -Lk www.a.com
curl: (47) Maximum (50) redirects followed
Do not redirect, to put it differently, you can solve
DocumentRoot "/var/www/html"
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=302]
test
[root@node1 ~]# curl -I www.a.com
HTTP/1.1 302 Found
Date: Sat, 22 Feb 2020 18:56:55 GMT
Server: Apache
Location: https://www.a.com/
Content-Type: text/html; charset=iso-8859-1
[root@node1 ~]# curl -Lk www.a.com
a aa
Two, HSTS:
HTTP Strict Transport Security
After the server configuration supports HSTS, will carry HSTS header field in the HTTP browser to return. The browser to get the information, will be accessible to all HTTP requests made within 307 Jump to HTTPS. Without any network process
HSTS role:
Redirection can be avoided because the process was hijacked
Disadvantages: can not be avoided for the first time during the hijack request. So with HSTS preload list
HSTS preload list
Chrome is a browser HSTS preloaded list of sites in the list, when accessed using Chrome browser will be automatically converted to HTTPS. Firefox, Safari, Edge browser also uses this list
Implement HSTS example:
conf
vim /etc/httpd/conf/httpd.conf
Header always set Strict-Transport-Security "max-age=31536000" RewriteEngine on
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=302]
verification
[root@node1 ~]# curl -I www.a.com
HTTP/1.1 302 Found
Date: Sat, 22 Feb 2020 19:32:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Location: https://www.a.com/
Content-Type: text/html; charset=iso-8859-1