Avani shows you how to
redirect HTTP traffic to HTTPS
using a load balancer and Apache

redirect-http-https-elb-avani

I am using both HTTP and HTTPS listeners on my Elastic Load Balancing (ELB) load balancer. The ELB is offloading SSL, and the backend is listening only on a single HTTP port (HTTPS to HTTP). I want all traffic coming to my web server on port 80 to be redirected to HTTPS port 443, but I don’t want to change my backend listener to port 443. When I redirect traffic, my website stops working, and I receive this error message: ERR_TOO_MANY_REDIRECTS. How do I resolve this?

This error is commonly caused by the following:

  1. The rewrite rule on the web server for directing HTTP requests to HTTPS causes requests to use port 443 for HTTPS traffic on the load balancer.
  2. The load balancer still sends the requests to the backend web server on port 80.
  3. The backend web server redirects these requests to port 443 on the load balancer.

This causes an infinite loop of redirection between the load balancer and the backend web server, and the requests are never served.

Using the X-Forwarded-Proto header of the HTTP request, change your web server’s rewrite rule to apply only if the client protocol is HTTP. Ignore the rewrite rule for all other protocols used by the client.

This way, if clients use HTTP to access your website, they are redirected to an HTTPS URL, and if clients use HTTPS, they are served directly by the web server.

Note: This article provides examples for Apache, Nginx, and IIS web servers.

Apache

Use the mod_rewrite rule in either the virtual host or .htaccess file. We recommend using the virtual host file for the redirect rule as a best practice.

Virtual host file (recommended)

The rewrite rule must be included in your virtual host section of the configuration file. For example, with Apache httpd server, edit the /etc/httpd/conf/httpd.conf file, and for Apache 2.4, edit the conf file in the /etc/apache2/sites-enabled/ folder.

<VirtualHost *:80>

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

</VirtualHost>

.htaccess file

Note: Using .htaccess is not recommended and should be used only if you do not have access to the main configuration file. For more information, see Apache HTTP Server Tutorial: .htaccess files.

To use .htaccess, you must enable it from the Apache configuration file from the directory directive. For example, with Apache httpd server, edit the /etc/httpd/conf/httpd.conf file. For Apache 2.4, edit the conf file in the /etc/apache2/sites-enabled/ folder. For more information, see Apache HTTP Server Tutorial: .htaccess files.

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

The rewrite rule in the .htaccess file is similar to the following:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

Nginx

The rewrite rule for an Nginx backend in the ngnix.conf file is similar to the following:

Note: Applies to versions nginx/1.10.3 (Ubuntu) and nginx/1.12.1 (Amazon Linux).

server {
    listen   80;
    server_name    www.example.org;   
    if ($http_x_forwarded_proto = 'http') {
         return 301 https://$server_name$request_uri;   
    }
}

IIS

Before changing your web.config file, you must install the URL rewrite module from Microsoft IIS Downloads.

The rewrite rule for an IIS backend is similar to the following in the web.config file under the <system.webServer> section:

Note: Applies only to Microsoft Windows Server 2012 R2 and 2016 Base.

<rewrite> 
<rules> 
<rule name="Rewrite HTTP to HTTPS” stopProcessing=”true”> 
<match url="^(.*)$" /> 
<conditions logicalGrouping=”MatchAny”> 
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
</conditions> 
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> 
</rule> 
</rules> 
</rewrite>

Open the IIS Manager and then refresh the default website. The rule should be visible in the ‘URL Rewrite’ section. Restart the website and then test it.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-08-12

Updated: 2018-03-27