ApacheAWSWebserver

How to Force HTTPS Behind AWS ELB

By July 30, 2017 No Comments

When using https with an AWS ELB the normal redirect of http requests to  https can cause a redirect loop.  We have to look at the request, make sure it’s not already https.

The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO.  All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS“.  For the HTTP requests, you can force HTTPS by adding a simple rewrite rule, as follows:

1. Nginx

In your nginx site config file check if the value of X_FORWARDED_PROTO is https, if not, rewrite it:

server { listen 80; .... location / { if ($http_x_forwarded_proto != 'https') { rewrite ^ https://$host$request_uri? permanent; } .... } }

 

2. Apache

Same goes for Apache, add this rewrite rule to your site’s config file: (Centos location /etc/httpd/conf.d/)

<VirtualHost *:80> ... RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} ... </VirtualHost>

 

3. IIS Windows

Install IIS Url- Rewrite module, using the configuration GUI add these settings

<rewrite xdt:Transform="Insert"> <rules> <rule name="HTTPS rewrite behind ELB rule" stopProcessing="true"> <match url="^(.*)$" ignoreCase="false" /> <conditions> <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" /> </conditions> <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" /> </rule> </rules> </rewrite>

Leave a Reply