AWS Elasticbeanstalk single instance Force SSL Redirect loop

Question

I'm having issues by forcing ssl. I'm using codeigniter and deployed it in AWS single instance with elasticbeanstalk. My htaccess rules below:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

But browser gets in a redirect loop. Whatever i tried didnt solve this problem.

Answer 1

As I mentioned in my comment:

in the ssl.conf every call from port 443 is "proxyed" to port 80, so you never get https = on.

I did some tests and I found out that the ProxyPass directive in ssl.conf does not simply redirect every request from port 443 to localhost:80, but basically repeats the request to Apache from scratch, through the port 80 (at least, that's what I understood).

I checked the value of $_SERVER and found out that HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED_HOST and HTTP_X_FORWARDED_SERVER are set during a HTTPS request (but they are NOT set during a HTTP request), meanwhile SERVER_ADDR and REMOTE_ADDR are set to 127.0.0.1 during a HTTPS request (but they are set to different values for HTTP requests).

I assume you can easily check if your request was plain HTTP with something like this (check the syntax, I'm rubbish with Apache):

RewriteCond %{ENV:HTTP_X_FORWARDED_SERVER}   !^$

or

RewriteCond %{ENV:SERVER_ADDR}   !^127\.0\.0\.1

BEWARE: I couldn't find any reference in AWS documentation, it's just an empiric result... they can easily change this behavior!

Happy coding! :)