AWS HTTPS Redirects
and why understanding the Stack Overflow answers are just as important as knowing they are there
I love Azure. Like a lot. As primarily a .NET guy, Azure makes everything pretty much easy. I think AWS wants to be .NET friendly, but they just don't seem to be there yet.
Recently, I was tasked with forcing HTTPS on a .NET Framework site that lives on AWS in Elastic Beanstalk. After some digging and some false starts, I found this answer on Stack Overflow which essentially boils down to this:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Great, problem solved!
Not so much. Now the server gives a 302: too many redirects error
"What?"
I took a minute to think about the error "too many redirects" and revisited the rewrite rule. Sure enough I noticed that all traffic was being forwarded. Including the HTTPS traffic. One minor modification for the url definition: ` and I was off and running. The final solution being:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<!--This is the updated line-->
<match url="http://.*" />
<!----------------------------------->
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
This ensures only HTTP requests are forwarded and HTTPS requests are left unmolested.
Software Development Nerd