
Why is HTTPS used to protect website security?

Source: http://www.daoshangbao.cn Date: 2019/11/27

  HTTPS (Hypertext Transfer Protocol Secure) is a network communication protocol that protects the integrity and confidentiality of data as it travels between the user's computer and the website. Users expect a secure and private online experience on any website they visit. For that reason, we at the Jiyang website construction company recommend that you adopt HTTPS to protect your users' connections to your website, regardless of the content on the site.


  Data sent over HTTPS is well protected because HTTPS uses the Transport Layer Security (TLS) protocol, which provides three key layers of protection:

  Encryption: the exchanged data is encrypted to keep it from being stolen. While a user is browsing a website, nobody can "eavesdrop" on their conversations, track their activity across multiple pages, or steal their information.


  Data integrity: any intentional or unintentional modification or corruption of the data during transfer is detected.

  Authentication: proves that your users are communicating with the intended website. This protects against man-in-the-middle attacks and builds user trust, which in turn brings other business benefits.

  Best practices when implementing HTTPS

  Use robust security certificates

  To enable HTTPS for your website, you must obtain a security certificate. The certificate is issued by a certificate authority (CA), which takes several steps to verify that your web address really belongs to your organization, thereby protecting your customers from man-in-the-middle attacks. When setting up the certificate, be sure to choose a 2048-bit key to ensure a higher level of security. If your existing certificate uses a weaker key (1024-bit), upgrade the key to 2048 bits. When choosing a certificate for your website, keep the following in mind:

  Get your certificate from a reliable CA that offers technical support.

  Decide which kind of certificate you need:

  A single certificate for a single secure origin (for example, www.ccxcn.com).

  A multi-domain certificate for multiple well-known secure origins (for example, www.ccxcn.com, cdn.ccxcne.com, ccxcn.co.uk).

  A wildcard certificate for a secure origin with many dynamic subdomains (for example, a.ccxcn.com, b.ccxcn.com).


  Use server-side 301 redirects

  Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.

  Verify that Google can crawl and index your HTTPS pages

  Do not use a robots.txt file to block search engines from crawling your HTTPS pages.

  Do not include the noindex meta tag in your HTTPS pages.

  You can use the Fetch as Google tool to test whether Googlebot can access your pages.

  Support HSTS

  We recommend that HTTPS sites support HSTS (HTTP Strict Transport Security). HSTS tells the browser to request HTTPS pages automatically, even if the user types http in the browser's address bar. It also instructs Google to serve secure URLs in its search results. These measures minimize the risk of users being exposed to insecure content.

  To support HSTS, use a web server that supports HSTS and enable the feature.

  Although HSTS adds security, it also makes your rollback strategy more complex. We therefore recommend enabling HSTS in the following way:

  Roll out your HTTPS pages first, then enable HSTS.

  Start sending HSTS headers with a short max-age. Monitor your traffic from users and other clients, as well as the performance of other dependent content such as ads.

  Slowly increase the HSTS max-age.

  If HSTS does not negatively affect your users and search engines, you can, if you wish, have your site added to the HSTS preload list used by the major browsers.

  Consider using HSTS preloading

  If you enable HSTS, you can optionally support HSTS preloading for extra security and improved performance. To enable preloading, you must visit hstspreload.org and follow the submission requirements for your site.
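The staged rollout and the preload step described above can be checked from the header a site actually sends. The following is an added example, not code from the original page: it parses a Strict-Transport-Security value under the RFC 6797 rules and reports the rollout stage. The function names and stage labels are hypothetical, the sample headers are constructed, and only the header requirements of hstspreload.org (max-age of at least one year, includeSubDomains, preload) are checked.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age hstspreload.org accepts


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if it is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # RFC 6797: each directive at most once
            return None
        seen[name] = arg.strip().strip('"')  # values may be quoted strings
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                          # max-age is required and numeric
    return {
        "max_age": int(seen["max-age"]),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }


def rollout_stage(value):
    """Classify a header value (stage labels are this example's own)."""
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"        # max-age=0 tells browsers to drop the policy
    if policy["max_age"] < PRELOAD_MIN_AGE:
        return "ramping"         # short max-age: still easy to roll back
    if policy["include_subdomains"] and policy["preload"]:
        return "preload-ready"
    return "long-lived"


# Constructed sample headers, in the order a rollout might send them.
SAMPLES = ["max-age=300", "max-age=604800",
           "max-age=31536000; includeSubDomains; preload"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:50} -> {rollout_stage(header)}")
```

A browser that has already cached a long max-age keeps enforcing HTTPS until that period ends or it receives max-age=0 over a valid HTTPS connection, which is why the short values come first.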

  Avoid common mistakes

  While securing your website with TLS, avoid the following mistakes:

  Problem: Recommended action

  Expired certificates: Make sure your certificate is always up to date.

  Certificate registered to the wrong website name: Check that you have obtained a certificate for every host name your site serves. For example, if your certificate only covers www.ccxcn.com, a user who loads your site through ccxcn.com (without the "www." prefix) gets a certificate name mismatch error and cannot access the site.

  Missing Server Name Indication (SNI) support: Make sure your web server supports SNI and that your users generally use browsers that support it. All modern browsers support SNI, but if you must support older browsers, you need a dedicated IP.

  Crawling issues: Do not use robots.txt to block search engines from crawling your HTTPS site.

  Indexing issues: Allow search engines to index your pages wherever possible. Avoid the noindex meta tag.

  Old protocol versions: Old protocol versions have security vulnerabilities. Make sure you use up-to-date TLS libraries and implement the newer protocol versions.

  Mixed security elements: Embed only HTTPS content on HTTPS pages.

  Different content on HTTP and HTTPS: Make sure the content on your HTTP site and your HTTPS site is the same.

  HTTP status code errors on HTTPS: Check that your website returns the correct HTTP status code. For example, 200 OK for accessible pages, and 404 or 410 for pages that do not exist.
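The certificate types listed earlier (single, multi-domain, wildcard) and the name mismatch problem in the table above both come down to the same hostname matching rule. The following is an added example, not code from the original page: a simplified matcher in the style of RFC 6125 that reports which served host names a certificate does not cover. The function names are hypothetical, the host names are the page's own examples, and a real client additionally consults the public suffix list.

```python
def name_matches(pattern, host):
    """Match one DNS name from a certificate against a host name."""
    p = pattern.rstrip(".").lower().split(".")
    h = host.rstrip(".").lower().split(".")
    if len(p) != len(h):
        return False              # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label; len(p) >= 3 rejects
        # patterns such as "*.com" (simplification of the public suffix rule).
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are refused outright.
    return "*" not in pattern and p == h


def uncovered_hosts(cert_names, served_hosts):
    """Return the served host names that no certificate name covers."""
    return [host for host in served_hosts
            if not any(name_matches(name, host) for name in cert_names)]


# The three certificate types, using the host names from the page.
SINGLE = ["www.ccxcn.com"]
MULTI_DOMAIN = ["www.ccxcn.com", "cdn.ccxcne.com", "ccxcn.co.uk"]
WILDCARD = ["*.ccxcn.com"]

if __name__ == "__main__":
    # The mismatch from the table: the apex name is not on the certificate.
    print(uncovered_hosts(SINGLE, ["www.ccxcn.com", "ccxcn.com"]))
    # A wildcard covers a.ccxcn.com and b.ccxcn.com, but neither the apex
    # name nor names two labels deep.
    print(uncovered_hosts(WILDCARD,
                          ["a.ccxcn.com", "b.ccxcn.com",
                           "ccxcn.com", "x.a.ccxcn.com"]))
```

Running the check against every host name that serves the site, before the certificate is deployed, catches the mismatch without waiting for a browser error.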

  Other tips

  To learn more about using HTTPS pages on your website, see the HTTPS migration FAQ.

  Migrating from HTTP to HTTPS

  If you migrate your website from HTTP to HTTPS, Google treats this as a site move with a URL change, which may temporarily affect your traffic. See the site move overview page for details.

  Add the HTTPS property to Search Console. Search Console treats HTTP and HTTPS separately, and data for these properties is not shared in Search Console. If you have pages under both protocols, you must therefore create a separate Search Console property for each.

  The above is the Jiyang website construction company's introduction to why HTTPS is used for website security protection. For more information, please visit http://www.daoshangbao.cn