首先日常婊一下长城宽带:毁我青春费我钱财
什么都劫持一发(不过基本上天朝的ISP都是这个尿性
HTTPS是个不错的解决方法,但是

但是HTTP301/302转跳还是得走HTTP啊(
那就上HSTS咯,第一次访问之后在指定的时间内浏览器全自动变成HTTPS
爽爽爽
部署好SSL证书之后,打开你虚拟主机的conf,在最后面加几行

Header always set Strict-Transport-Security "max-age=15552000; includeSubdomains;preload"
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-
POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-
AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-
AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-
SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-
AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-
RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-
SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder     on

保存,重启apache,然后就可以了。然后还可以上SSLlab检查一下你证书哪里有不对
如果你还有强迫症的话,就去一起申请HSTS Preload List咯
HSTS算是大招了,不要随便开。。冷却时间到了的话就GG

比如本站:
QQ截图20170111222304.png

A+!A+!A+!【激动个屁啊又不是作业本上的(打飞
现在加入了HSTS Preload List的.tokyo域名只有两个
我会不会是第三个呢OvO