Avani shows you how to
redirect HTTP traffic to HTTPS
using a load balancer and Apache

redirect-http-https-elb-avani

I am using Elastic Load Balancing (ELB), and I have both HTTP and HTTPS listeners on my Classic Load Balancer. When I add redirection logic to my web servers, my website stops working and I receive the error ERR_TOO_MANY_REDIRECTS. The load balancer is offloading SSL and the backend is only listening on a single HTTP port. I want all traffic coming to my web server on port 80 via the load balancer to be redirected to HTTPS port 443, but I don’t want to change my backend listener to port 443. How do I resolve this issue?

If you're using Classic Load Balancers, you can’t redirect HTTP traffic to HTTPS at the load balancer level. Instead, implement any redirection logic in the web servers behind the load balancers.

The following leads to an infinite loop of redirection between the load balancer and the backend web server:

  1. The rewrite rule on the web server for directing HTTP requests to HTTPS forces requests to use port 443 for HTTPS traffic on the load balancer.
  2. The load balancer still sends requests to the backend web server on port 80.
  3. The backend web server redirects requests to port 443 on the load balancer.

The error ERR_TOO_MANY_REDIRECTS is returned, and the requests are never served.

To resolve this, change your web server’s rewrite rule using the X-Forwarded-Proto header of the HTTP request to apply only if the client protocol is HTTP. Ignore the rewrite rule for all other protocols used by the client.

Note: If you're using Application Load Balancers, use redirect actions to redirect traffic instead.

The following examples for Apache, NGINX, and IIS web servers do the following:

  • When clients use HTTP to access your website, they are redirected to an HTTPS URL.
  • When clients use HTTPS to access your website, they are served directly by the web server.

Apache servers: virtual host file method (recommended)

Include the rewrite rule in your virtual host section of the configuration file. For example, with an Apache httpd server, edit the /etc/httpd/conf/httpd.conf file, and for Apache 2.4, edit the .conf file in the /etc/apache2/sites-enabled/ folder.

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

Apache servers: .htaccess file method (not recommended)

Warning: Using .htaccess is not recommended and should be used only if you do not have access to the main configuration file. See Apache HTTP Server Tutorial: .htaccess files.

1. Enable .htaccess from the Apache configuration file from the directory directive. For example, with an Apache httpd server, edit the /etc/httpd/conf/httpd.conf file. For Apache 2.4, edit the conf file in the /etc/apache2/sites-enabled/ folder. See Apache HTTP Server Tutorial: .htaccess files.

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

2. Add the following rewrite rule to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

NGINX servers

Note: Applicable to nginx/1.10.3 (Ubuntu) and nginx/1.12.1 (Amazon Linux).

Modify the following example rewrite rule (nginx.conf):

server {
    listen 80;
    server_name _;
    if ($http_x_forwarded_proto = 'http'){
    return 301 https://$host$request_uri;
    }
}

IIS servers

Note: Applicable only to Microsoft Windows Server 2012 R2 and 2016 Base.

1. Install the URL rewrite module from Microsoft IIS Downloads.

2. Modify the following example rewrite rule for an IIS backend under the <system.webServer> section of web.config:

<rewrite>
    <rules>
        <rule name="Rewrite HTTP to HTTPS" stopProcessing="true">
            <match url="^(.*)$"/>
            <conditions logicalGrouping="MatchAny">
                <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$"/>
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"/>
        </rule>
    </rules>
</rewrite>

3. Open the IIS Manager and then refresh the default website. The rule should be visible in the URL Rewrite section.

4. Restart the website and confirm the redirection works.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-08-12

Updated: 2018-08-31