1

Setup within the AWS ecosystem is multiple web sites across 2 domains using ELB, SSL, IIS & ASP.NET across 2 EC2 instances.

After a security audit, we discovered our cookies weren't set to secure, so I set up a URL rewrite to look for the appropriate header from ELB and set HTTPS to true. The problem is, users started getting emails stating https://www.test.com:80/ as the domain and unfortunately, we have too many references to Request.Url to make a change quickly.

Obviously IIS requires a different IP address (or port number) to host 2 SSL certificates. If we change the port number, we'll still have the same issue, so we were hoping to add a secondary IP address and point ELB to use it, but that doesn't appear to be supported. I'm fairly new to AWS, so I was hoping someone could give me some direction in terms of getting SSL to terminate within IIS on ELB.

So what I am asking is, is there a way to get ELB to use a specific IP Address instead of a generic EC2 instance which uses the primary IP Address?

Thank you in advance,

Andrew

Andrew Boyd

1 Answer

0

> If we change the port number, we'll still have the same issue,

No, you wouldn't.

Set up a second ELB using standard ports toward the Internet and custom ports toward the instance(s).

Michael - sqlbot
  • In ASP.NET wouldn't Request.Url return https://www.test.com:44300 if you used 44300 as the port number? – Andrew Boyd Apr 12 '16 at 23:50
  • Well, it *shouldn't* be, because the port used for connecting to the instance by the balancer shouldn't appear in the `Host:` header, because the balancer shouldn't put it there -- unlike what would be expected if you pointed a browser directly at `example.com:43000`, in which case [it would](http://stackoverflow.com/a/3364396/1695906). Probably worth investigating. I run non-MS web servers behind ELB on strange ports and have never even considered this something to expect to be broken. – Michael - sqlbot Apr 13 '16 at 00:22
  • However, this follow up does potentially explain what you were talking about with regard to `https://www.test.com:80/`, which, previously, made no sense to me at all. – Michael - sqlbot Apr 13 '16 at 00:24
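An added example, not part of the original question, answer or comments: one way to build the client-facing URL for e-mail links from the headers the balancer forwards, so that neither the instance-side port nor an unexpected host name ends up in the link. It assumes the balancer sets `X-Forwarded-Proto` and `X-Forwarded-Port` and that the instances accept traffic only from the balancer; `PublicUrl`, `Build` and `AllowedHosts` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;

public static class PublicUrl
{
    // Assumption: the sites' public host names. Anything else is rejected so a
    // forged Host header cannot end up in links sent by e-mail.
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.test.com" };

    // hostHeader: Host; forwardedProto / forwardedPort: X-Forwarded-Proto and
    // X-Forwarded-Port as set by the balancer; pathAndQuery: e.g. Request.RawUrl.
    public static string Build(string hostHeader, string forwardedProto,
                               string forwardedPort, string pathAndQuery)
    {
        // Drop any port carried in Host; the port comes from X-Forwarded-Port below.
        string host = (hostHeader ?? "").Trim();
        int colon = host.LastIndexOf(':');
        if (colon >= 0) host = host.Substring(0, colon);
        if (!AllowedHosts.Contains(host))
            throw new ArgumentException("Unexpected Host header: " + hostHeader);

        string scheme = string.Equals(forwardedProto, "https",
            StringComparison.OrdinalIgnoreCase) ? "https" : "http";
        int defaultPort = scheme == "https" ? 443 : 80;

        // Use the client-facing port; fall back to the scheme default if absent.
        int port;
        if (!int.TryParse(forwardedPort, out port) || port < 1 || port > 65535)
            port = defaultPort;

        // Only a rooted path is appended, so the path cannot replace the host.
        if (string.IsNullOrEmpty(pathAndQuery) || pathAndQuery[0] != '/')
            pathAndQuery = "/";

        string origin = scheme + "://" + host.ToLowerInvariant()
                        + (port == defaultPort ? "" : ":" + port);
        return origin + pathAndQuery;
    }

    public static void Main()
    {
        // Constructed samples: TLS ends at the balancer; the instance port differs.
        Console.WriteLine(Build("www.test.com", "https", "443", "/account/reset?id=1"));
        Console.WriteLine(Build("www.test.com:44300", "https", "443", "/"));
        Console.WriteLine(Build("www.test.com", "http", null, "/"));
    }
}
```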