大佬教程收集整理的这篇文章主要介绍了php – 虽然存在规则而未发送HSTS标头且已启用mod_headers,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
<IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=10886400; includeSubDomains" </IfModule>
但是服务器不在响应中包含标头.以下是来自httpS的curl:
> GET / http/1.1 > Host: www.cryPTOPp.com > User-Agent: curl/7.51.0 > Accept: */* > < http/1.1 200 OK < Date: Sat,05 Nov 2016 22:49:25 GMT < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips < Last-Modified: Wed,02 Nov 2016 01:27:08 GMT < ETag: "8988-5404756e12afc" < Accept-Ranges: bytes < Content-Length: 35208 < Vary: Accept-Encoding < Content-Type: text/html; charset=UTF-8
httpd.conf的相关部分如下所示. cURL成绩单如下所示. Apache@L_345_2@mod_header被加载,并且grepping所有日志不会显示错误.
Apache版本是Apache / 2.4.6(CentOS). PHP版本是5.4.16(cli)(内置:2016年8月11日21:24:59). Mediawiki版本是1.26.4.
这可能是什么问题,我怎么能解决这个问题?
<VirtualHost *:80> ServerName www.cryPTOPp.com ServerAlias *.cryPTOPp.com *.cryPTOPp.* cryPTOPp.com <IfModule mod_rewrite.c> RewriteENGIne On RewriteCond %{requEST_METHOD} ^TRACE RewriteRule .* - [F] RewriteCond %{requEST_METHOD} ^TRACK RewriteRule .* - [F] #redirect all port 80 traffic to 443 RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/?(.*) https://www.cryPTOPp.com/$1 [L,R] </IfModule> </VirtualHost> <VirtualHost *:443> ServerName www.cryPTOPp.com ServerAlias *.cryPTOPp.com *.cryPTOPp.* cryPTOPp.com <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=10886400; includeSubDomains" </IfModule> </VirtualHost>@H_3_3@mod_headers中
# cat /etc/httpd/conf.modules.d/00-base.conf | grep headers LoadModule headers_module modules/mod_headers.so # httpd -t -D DUMP_MODULES | grep header headers_module (shared)
错误日志
# grep -IR "Strict-Transport-Security" /etc /etc/httpd/conf/httpd.conf: Header set Strict-Transport-Security "max-age=10886400; includeSubDomains" env=httpS # grep -IR "Strict-Transport-Security" /var/log/ # grep -IR "mod_headers" /var/log/ #
的.htaccess
# find /var/www -name '.htaccess' -printf '%p\n' -exec cat {} \; /var/www/html/w/cache/.htaccess Deny from all /var/www/html/w/languages/.htaccess Deny from all /var/www/html/w/extensions/MobileFrontend/dev-scripts/.htaccess Deny from all /var/www/html/w/maintenance/archives/.htaccess Deny from all /var/www/html/w/maintenance/.htaccess Deny from all /var/www/html/w/serialized/.htaccess Deny from all /var/www/html/w/images/temp/.htaccess # Protect against bug 28235 <IfModule rewrite_module> RewriteENGIne On RewriteCond %{QUERY_StriNG} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase] RewriteRule . - [forbidden] </IfModule> /var/www/html/w/images/.htaccess # Protect against bug 28235 <IfModule rewrite_module> RewriteENGIne On RewriteCond %{QUERY_StriNG} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase] RewriteRule . - [forbidden] # Fix for bug T64289 Options +FollowSymLinks </IfModule> /var/www/html/w/images/deleted/.htaccess Deny from all /var/www/html/w/includes/.htaccess Deny from all /var/www/html/.htaccess RewriteENGIne on RewriteRule ^wiki/?(.*)$/w/index.PHP?title=$1 [L,QSA] <IfModule mod_deflate.c> <Filesmatch "\.(js|css|html)$"> SetOutputFilter DEFLATE </Filesmatch> </IfModule>
卷曲成绩单
$/usr/local/bin/curl -Lv cryPTOPp.com * Rebuilt URL to: cryPTOPp.com/ * Trying 192.210.150.121... * TCP_NODELAY set * Connected to cryPTOPp.com (192.210.150.121) port 80 (#0) > GET / http/1.1 > Host: cryPTOPp.com > User-Agent: curl/7.51.0 > Accept: */* > < http/1.1 302 Found < Date: Sat,05 Nov 2016 22:49:25 GMT < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips < LOCATIOn: https://www.cryPTOPp.com/ < Content-Length: 209 < Content-Type: text/html; charset=iso-8859-1 < * Ignoring the response-body * Curl_http_done: called premature == 0 * Connection #0 to host cryPTOPp.com left intact * Issue another request to this URL: 'https://www.cryPTOPp.com/' * Trying 192.210.150.121... * TCP_NODELAY set * Connected to www.cryPTOPp.com (192.210.150.121) port 443 (#1) * ALPN,offering http/1.1 * Cipher SELEction: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify LOCATIOns: * CAfile: /opt/local/share/curl/curl-ca-bundle.crt CApath: none * TLSv1.2 (OUT),TLS header,Certificate Status (22): * TLSv1.2 (OUT),TLS handshake,Client Hello (1): * TLSv1.2 (IN),Server Hello (2): * TLSv1.2 (IN),Certificate (11): * TLSv1.2 (IN),Server key exchange (12): * TLSv1.2 (IN),Server finished (14): * TLSv1.2 (OUT),Client key exchange (16): * TLSv1.2 (OUT),TLS change cipher,Client Hello (1): * TLSv1.2 (OUT),Finished (20): * TLSv1.2 (IN),Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN,server did not agree to a protocol * Server certificate: * subject: OU=Domain Control Validated; OU=COMODO SSL Unified Communications * start date: Sep 17 00:00:00 2015 GMT * expire date: Sep 16 23:59:59 2018 GMT * subjectAltName: host "www.cryPTOPp.com" matched cert's "www.cryPTOPp.com" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA * SSL certificate verify ok. > GET / http/1.1 > Host: www.cryPTOPp.com > User-Agent: curl/7.51.0 > Accept: */* > < http/1.1 200 OK < Date: Sat,02 Nov 2016 01:27:08 GMT < ETag: "8988-5404756e12afc" < Accept-Ranges: bytes < Content-Length: 35208 < Vary: Accept-Encoding < Content-Type: text/html; charset=UTF-8 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <Meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Crypto++ Library 5.6.5 | Free C++ Class Library of Cryptographic scheR_32_11845@es</title> <Meta name="description" content= "free C++ library for cryptography: includes ciphers,message authentication codes,one-way hash functions,public-key cryptosystems,key agreement scheR_32_11845@es,and deflate compression"> <link rel="stylesheet" type="text/css" href="cryPTOPp.css"> </head> ...
以上是大佬教程为你收集整理的php – 虽然存在规则而未发送HSTS标头且已启用mod_headers全部内容,希望文章能够帮你解决php – 虽然存在规则而未发送HSTS标头且已启用mod_headers所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。