さくらレンタルサーバでhttps強制転送(+Basic認証)とサーバ変数一覧

http で接続してきたら Basic認証せずに https へリダイレクトさせて、httpsでは Basic認証をおこなう .htaccess の設定

さくら側の仕様変更による経緯
  • X_SAKURA_FORWARDED_FOR を利用(リダイレクトループ回避) → 2018/3に仕様変更
  • X-FORWARDED-PROTO を利用 → 2020/5中頃に廃止??
  • REQUEST_SCHEME を利用 (2020/5/27現在)

https へのリダイレクト
RewriteEngine On
RewriteCond %{ENV:HTTPS} !^on$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
https のみ Basic認証をかける
<If "%{REQUEST_SCHEME} == 'https'">
AuthType Basic
AuthName "Auth Access"
Require valid-user
AuthUserFile パスワードファイル
</If>
判定に "%{ENV:HTTPS} == 'on'" を用いたところ、ルートのみ認証がかかってしまい、それ以下に認証がかからなかった


2018/08/21 の独自ドメイン(SNI) で接続 + php の print_r($_SERVER) による情報
※以下の環境変数を.htaccessで利用する場合 _(アンダーバー)と-(ハイフン)の違いに注意

http:// リクエスト
[REDIRECT_STATUS] => 200
[PHPRC] => /home/さくらユーザー名/www
[PATH] => /usr/local/bin:/usr/bin:/bin
[HTTP_HOST] => www.example.com
[HTTP_X_REAL_IP] => リモートホストIP
[HTTP_X_FORWARDED_PROTO] => http ←2020/5中頃廃止
[HTTP_LISTEN_IPADDR] => サーバIP
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => ja,en-US;q=0.8,en;q=0.5,zh-CN;q=0.3
[HTTP_ACCEPT_ENCODING] => gzip, deflate
[HTTP_DNT] => 1
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => www.example.com
[SERVER_ADDR] => 100.64.0.93
[SERVER_PORT] => 80
[REMOTE_HOST] => リモートホスト名
[REMOTE_ADDR] => リモートホストIP
[DOCUMENT_ROOT] => /home/さくらユーザー名/www/example.com
[REQUEST_SCHEME] => http
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => /home/さくらユーザー名/www/example.com
[SERVER_ADMIN] => support@sakura.ad.jp
[SCRIPT_FILENAME] => /home/さくらユーザー名/www/example.com/check/index.php
[REMOTE_PORT] => 62823
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /check/
[SCRIPT_NAME] => /check/index.php
[PHP_SELF] => /check/index.php
[REQUEST_TIME_FLOAT] => 1534814528.2287
[REQUEST_TIME] => 1534814528

https:// リクエスト
[REDIRECT_STATUS] => 200
[PHPRC] => /home/さくらユーザー名/www
[PATH] => /usr/local/bin:/usr/bin:/bin
[HTTPS] => on
[HTTP_HOST] => www.example.com
[HTTP_X_REAL_IP] => リモートホストIP
[HTTP_X_FORWARDED_PROTO] => https ←2020/5中頃廃止
[HTTP_X_SAKURA_FORWARDED_FOR] => リモートホストIP
[HTTP_LISTEN_IPADDR] => サーバIP
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => ja,en-US;q=0.8,en;q=0.5,zh-CN;q=0.3
[HTTP_ACCEPT_ENCODING] => gzip, deflate, br
[HTTP_DNT] => 1
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_CACHE_CONTROL] => max-age=0
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => www.example.com
[SERVER_ADDR] => サーバIP
[SERVER_PORT] => 443
[REMOTE_HOST] => リモートホスト名
[REMOTE_ADDR] => リモートホストIP
[DOCUMENT_ROOT] => /home/さくらユーザー名/www/ルートパス
[REQUEST_SCHEME] => https
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => /home/さくらユーザー名/www/example.com
[SERVER_ADMIN] => support@sakura.ad.jp
[SCRIPT_FILENAME] => /home/さくらユーザー名/www/example.com/check/index.php
[REMOTE_PORT] => 11490
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /check/
[SCRIPT_NAME] => /check/index.php
[PHP_SELF] => /check/index.php
[REQUEST_TIME_FLOAT] => 1534814441.4968
[REQUEST_TIME] => 1534814441

コメント