Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Redirect to https through url rewrite in IIS within elastic beanstalk's load balancer

How do you use IIS's url rewrite module to force users to use ssl while you are behind an elastic beanstalk load balancer?

like image 289
Ross Pace Avatar asked Nov 05 '13 14:11

Ross Pace


People also ask

How do I redirect https request to HTTP in IIS?

Without considering the security of your website, just remove the Https binding and add an Http binding in the site binding module in IIS. The website will work only over the HTTP protocol. Besides, Also, IIS URL Rewrite Extension is another choice to achieve this. Install the IIS URL Rewrite Extension .


1 Answers

This is more difficult than it sounds for a few reasons. One, the load balancer is taking care of ssl so requests passed from the load balancer are never using ssl. If you use the traditional rewrite rule you will get an infinite loop of redirects. Another issue to contend with is that the AWS healthcheck will fail if it receives a redirect response.

  1. The first step in the solution is to create a healthcheck.html page and set it in the root directory. It doesn't matter what the content is.
  2. Set your load balancer to use the healthcheck.html file for health checks.
  3. Add the rewrite rule below in your web.config's <system.webServer><rewrite><rules> section:

    <rule name="Force Https" stopProcessing="true">    <match url="healthcheck.html" negate="true" />    <conditions>        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />    </conditions>    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" /> </rule> 

Notice that the rule match is on anything but our healthcheck file. This makes sure the load balancer's health check will succeed and not mistakenly drop our server from the load.

The load balancer passes the X-Forwarded-Proto value in the header which lets us know if the request was through https or not. Our rule triggers if that value is not https and returns a permanent redirect using https.

like image 116
Ross Pace Avatar answered Sep 23 '22 11:09

Ross Pace