Avani shows you how to
redirect HTTP traffic to HTTPS
using a load balancer and Apache

redirect-http-https-elb-avani

I am using both HTTP and HTTPS listeners on my Elastic Load Balancing (ELB) load balancer. The ELB is offloading SSL, and the backend is listening only on a single HTTP port (HTTPS to HTTP). I want all traffic coming to my web server on port 80 to be redirected to HTTPS port 443, but I don’t want to change my backend listener to port 443. When I redirect traffic, my website stops working, and I receive this error message: ERR_TOO_MANY_REDIRECTS. How do I resolve this?

This error is commonly caused by the following:

  1. The rewrite rule on the web server for directing HTTP requests to HTTPS causes requests to use port 443 for HTTPS traffic on the load balancer.
  2. The load balancer still sends the requests to the backend web server on port 80.
  3. The backend web server redirects these requests to port 443 on the load balancer.

This causes an infinite loop of redirection between the load balancer and the backend web server, and the requests are never served.

Using the X-Forwarded-Proto header of the HTTP request, change your web server’s rewrite rule to apply only if the client protocol is HTTP. Ignore the rewrite rule for all other protocols used by the client.

This way, if clients use HTTP to access your website, they are redirected to an HTTPS URL, and if clients use HTTPS, they are served directly by the web server.

Note: This article provides examples for Apache, Nginx, and IIS web servers.

Apache

For example, the rewrite rule for an Apache backend would look similar to the following in .htaccess:

<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
...
</VirtualHost>

Nginx

The rewrite rule for an Nginx backend in the ngnix.conf file would look similar to the following:

server {
      listen         80;
      server_name    www.example.org;
      if ($http_x_forwarded_proto != "https") {
          rewrite ^(.*)$ https://$server_name$REQUEST_URI permanent;
      }
}

IIS

Before making changes to your web.config file, you must install the URL rewrite module from Microsoft IIS Downloads.

The rewrite rule for an IIS backend would look similar to the following in the web.config file under <system.webServer> section:

Note: Applies to Microsoft Windows Server 2012 R2 and 2016 Base only.

<rewrite> 
<rules> 
<rule name="Rewrite HTTP to HTTPS” stopProcessing=”true”> 
<match url="^(.*)$" /> 
<conditions logicalGrouping=”MatchAny”> 
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" />
</conditions> 
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> 
</rule> 
</rules> 
</rewrite>

Open the IIS Manager and refresh the default web site. The rule should be visible in the ‘URL Rewrite’ section. Restart the web site and test it.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-08-12

Updated: 2017-10-27