How to force HTTPS redirection behind AWS ELB

Please share it on

Few days back I was trying to redirect all my http traffic to https by default with help of an elastic loadbalancer mounted with two webservers. I have enabled both 80 and 443 port numbers in listener section and added SSL certificate.

My DNS records are

A w3bootstrap.com webserver1 ip
CNAME www aws-elastic-loadbalancer-url

elb, loadbalacner
In WebServer 1 – I’m using apache HTTP web server, redirects all http root domain traffic to https with www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^w3bootstrap\.com
RewriteRule ^(.*)$ https://www.w3bootstrap.com$1 [R=permanent,L]

Now, I’m redirecting all http://www.w3bootstrap.com traffic to https://www.w3bootstrap.com . In DNS, WWW CNAME record is directly pointing towards elastic loadbalacner.

Elastic loadbalancer supports HTTP X-Forwarded-Proto headers. By using that we can forward all http requests to https. ELB frequently checks the health status of attached servers. So while setup redirect, we must bypass the health check links

#Bypass ELB-Healthchecker from redirection. It will provide 301 output in the logs, that causes server shows out of service in elb
RewriteCond %{HTTP_USER_AGENT} !^ELB-HealthChecker
#By using HTTP:X-Forwarded-Proto does not contains HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
#Request forward option
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Save the configuration and restart apache webserver.

Type to load root domain, it should redirect to https://www.yourdomain.com

If it’s not works, please leave the errors in comments or if you have any other method for redirction, please let me know through comments.

Please share it on

7 Comments for “How to force HTTPS redirection behind AWS ELB”

says:

Hello Sathish,

I am getting following error after applying above mentioned configuration. Currently i am using http protocol with default / for health check

HTTP/1.1 503 Service Unavailable: Back-end server is at capacity
Content-Length: 0
Connection: keep-alive

eitanw

says:

is this valid in the ELB / ESB setup ?
were would you place the directive ? in the ELB or in the EC2 instances ? and where ?
What about auto-scaling ? how do you make sure this directive is in effect in all newely craeted instances ?

thx

Laxman

says:

Hi Satish,

i have one question, why you using https behind ELB. Because ELB provide SSL termination functionality. ELB is good place to deploy SSL and provide security for certain attack.

80 ================ 80

443===============80

if you want to diffrentiate http/https request on backend. you need to implement header capture on code on application side.

Leave a Reply

Your email address will not be published. Required fields are marked *