Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

RequireHttps causes redirect loop on Amazon Elastic Load Balancer

I have an ASP.NET MVC 4 application running behind Amazon's elastic load balancer. Everything works OK when I install my SSL certificate on the load balancer and the web server and terminate SSL at the web server layer.

However, when I attempt to terminate at the load balancer layer, forwarding internal traffic from the load balancer to web servers un-encrypted on port 80, the RequireHttps attribute causes a redirect loop. This seemingly makes sense as it is requesting an encrypted channel and doesn't know that it is getting one (between the browser and load balancer). Has anyone run into this same issue? Any suggestions would be appreciated!

Edit: The solution

The following links may be useful to anyone else who runs into this issue:

MVC3, RequireHttps and custom handler result in http 310

https://gist.github.com/915869

like image 402
JP. Avatar asked Aug 27 '12 14:08

JP.


2 Answers

It seems that to use this functionality on AWS, you look at the "X-Forwarded-Proto" HTTP header item. If the initial request is HTTPS, the load balancer injects the header and it says "https". If it's HTTP, it says, "http".

Answer found here: http://aws.typepad.com/aws/2010/10/keeping-customers-happy-another-new-elastic-load-balancer-feature.html

like image 154
Tom Ligda Avatar answered Sep 29 '22 11:09

Tom Ligda


I was experiencing the same issue I found that the following RequireHttpsAttribute filter worked for me.

public class SSLFilter : RequireHttpsAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (filterContext.HttpContext.Request.IsLocal ||
            (filterContext.RequestContext.HttpContext.Request.Headers.AllKeys.Contains("X-Forwarded-Proto") &&
            filterContext.RequestContext.HttpContext.Request.Headers.Get("X-Forwarded-Proto").ToLower().Equals("https")))
        {
            return;
        }

        base.OnAuthorization(filterContext);
    }
}
like image 20
James Parker Avatar answered Sep 29 '22 12:09

James Parker