How do you use IIS's url rewrite module to force users to use ssl while you are behind an elastic beanstalk load balancer?
Without considering the security of your website, just remove the Https binding and add an Http binding in the site binding module in IIS. The website will work only over the HTTP protocol. Besides, Also, IIS URL Rewrite Extension is another choice to achieve this. Install the IIS URL Rewrite Extension .
This is more difficult than it sounds for a few reasons. One, the load balancer is taking care of ssl so requests passed from the load balancer are never using ssl. If you use the traditional rewrite rule you will get an infinite loop of redirects. Another issue to contend with is that the AWS healthcheck will fail if it receives a redirect response.
Add the rewrite rule below in your web.config's <system.webServer><rewrite><rules>
section:
<rule name="Force Https" stopProcessing="true"> <match url="healthcheck.html" negate="true" /> <conditions> <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" /> </rule>
Notice that the rule match is on anything but our healthcheck file. This makes sure the load balancer's health check will succeed and not mistakenly drop our server from the load.
The load balancer passes the X-Forwarded-Proto value in the header which lets us know if the request was through https or not. Our rule triggers if that value is not https and returns a permanent redirect using https.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With