Force HTTP to HTTPS through an AWS EC2 load-balancer

Question

We have an AWS EC2 load-balancer and it has SSL certificate installed on it. But the servers in the pool are still running on port 80 and non-SSL protocol.

The issue is that i do not have access to the load-balancer, but i still have to route the non-SSL traffic to secure HTTPS. I tried adding following in the htaccess but it did not work and understandable that is because the servers are still running on HTTP.

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I tried the same thing in PHP code, that did not work either.

if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
        $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
        redirect($url);
        exit;
    }

So, i get that servers are still running on HTTP and the certificate is only applied on load-balancer. What would be the best solution to forc such redirect in this scenario. One solution i could think of is parsing URL in the code to see if it has http:// in there and redirect. This might work but i dont really think it as a clean and final solution. Is there a way AWS EC2 can redirect in such manner? I am not familiar with AWS EC2.

Also, are there any server parameters that might suggest that the server is running on port 80 but the HTTPS is still on?

Check whether this helps http://stackoverflow.com/questions/5309910/https-setup-in-amazon-ec2 — Shri.harry, Aug 20 '15 at 05:39
@Shri.harry Is there any other way i can do it through server side code? — xmaestro, Aug 20 '15 at 05:40
@Shri.harry HTTPS is already enabled. I just need to force redirect http -> https. — xmaestro, Aug 20 '15 at 05:41

score 5 · Accepted Answer · answered Aug 20 '15 at 06:43

I was able to find a solution in AWS docs here.

It says that AWS load-balancer forwards following server vars to the pool.

X-Forwarded-Proto specifies the protocol (“http” or “https”) of the original request made to the Elastic Load Balancer.
X-Forwarded-Port specifies the port of the original request.

So, since we are using AWS EC2, it solves the problem but be careful using in case you are using some other environment since they might not be present there.

The complete code is:

if(isset($_SERVER['HTTP_X_FORWARDED_PROTO'])){

        if ($_SERVER['HTTP_X_FORWARDED_PROTO']=="http") {
            $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
            redirect($url);
            exit;
        }

    }

score 2 · Answer 2 · answered Oct 02 '16 at 12:22

2

Use the following rule:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

answered Oct 02 '16 at 12:22

Ravi Shanker

159
1
4

score 0 · Answer 3 · answered Nov 27 '17 at 01:07

https://stackoverflow.com/questions/5106313/redirecting-from-http-to-https-with-php

So, from the link above, I used this PHP code in the header.php file that all of the other files call:

<?php
if (!(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || 
   $_SERVER['HTTPS'] == 1) ||  
   isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&   
   $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{
   $redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
   header('HTTP/1.1 301 Moved Permanently');
   header('Location: ' . $redirect);
   exit();
}
?>

This changed all requests to HTTPS and seems to cover all bases

Force HTTP to HTTPS through an AWS EC2 load-balancer

3 Answers3